#10678 2e53b5fff6d292b7acdf8c30a6ecf5e5696846a1 Thanks @ematipico! - Adds a new experimental security option to prevent Cross-Site Request Forgery (CSRF) attacks. This feature is available only for pages rendered on demand:
```js
import { defineConfig } from 'astro/config';
export default defineConfig({
  experimental: {
    security: {
      csrfProtection: {
        origin: true,
      },
    },
  },
});
```
Enabling this setting performs a check that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each Request.
This experimental "origin" check is executed only for pages rendered on demand, and only for the requests `POST`, `PATCH`, `DELETE` and `PUT` with one of the following `content-type` headers: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'.
If the "origin" header doesn't match the pathname of the request, Astro will return a 403 status code and won't render the page.
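The decision described above, sketched as a standalone function (an added example, not Astro's own code). The plain-object request shape, the function names, comparing against the scheme/host/port of the request URL, and treating a missing "origin" header as a mismatch are all assumptions made for illustration.

```javascript
// Added illustration; not Astro's source code.
const CHECKED_METHODS = new Set(['POST', 'PATCH', 'DELETE', 'PUT']);
const FORM_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Case-insensitive lookup on a plain headers object (hypothetical request shape).
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// Returns 403 to reject the request, or null to let rendering continue.
function originCheck({ method, url, headers }) {
  if (!CHECKED_METHODS.has(method.toUpperCase())) return null;

  // Drop parameters such as "; boundary=..." or "; charset=utf-8" before comparing.
  const contentType = (getHeader(headers, 'content-type') ?? '')
    .split(';')[0].trim().toLowerCase();
  if (!FORM_CONTENT_TYPES.has(contentType)) return null;

  // Assumption: a missing Origin header on a covered request counts as a mismatch.
  const origin = getHeader(headers, 'origin');
  return origin === new URL(url).origin ? null : 403;
}

// Constructed sample requests (hosts are placeholders).
const form = 'application/x-www-form-urlencoded';
const samples = [
  { method: 'POST', url: 'https://shop.example/checkout',
    headers: { Origin: 'https://shop.example', 'Content-Type': form } },
  { method: 'POST', url: 'https://shop.example/checkout',
    headers: { Origin: 'https://other.example', 'Content-Type': form } },
  { method: 'POST', url: 'https://shop.example/api',
    headers: { Origin: 'https://other.example', 'Content-Type': 'application/json' } },
];
for (const s of samples) {
  console.log(s.method, s.url, getHeader(s.headers, 'origin'), '->', originCheck(s) ?? 'render');
}
```

The third sample shows the scope stated in the entry: a cross-origin `application/json` request is outside the listed content types, so this check does not reject it.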
#10193 440681e7b74511a17b152af0fd6e0e4dc4014025 Thanks @ematipico! - Adds a new i18n routing option `manual` to allow you to write your own i18n middleware:
```js
// astro.config.mjs
import { defineConfig } from 'astro/config';
export default defineConfig({
  i18n: {
    locales: ['en', 'fr'],
    defaultLocale: 'fr',
    routing: 'manual',
  },
});
```
Adding `routing: "manual"` to your i18n config disables Astro's own i18n middleware and provides you with helper functions to write your own: `redirectToDefaultLocale`, `notFound`, and `redirectToFallback`:
```js
// middleware.js
import { defineMiddleware } from 'astro:middleware';
import { redirectToDefaultLocale } from 'astro:i18n';
export const onRequest = defineMiddleware(async (context, next) => {
  // context.url is a URL object, so match on its pathname
  if (context.url.pathname.startsWith('/about')) {
    return next();
  } else {
    return redirectToDefaultLocale(context, 302);
  }
});
```
Also adds a `middleware` function that manually creates Astro's i18n middleware. This allows you to extend Astro's i18n routing instead of completely replacing it. Run `middleware` in combination with your own middleware, using the `sequence` utility to determine the order:
```js title="src/middleware.js"
import { defineMiddleware, sequence } from 'astro:middleware';
import { middleware } from 'astro:i18n'; // Astro's own i18n routing config
// Your own middleware; this one just passes the request on
export const userMiddleware = defineMiddleware(async (context, next) => next());
export const onRequest = sequence(
  userMiddleware,
  middleware({
    redirectToDefaultLocale: false,
    prefixDefaultLocale: true,
  })
);
```