Minor Changes
-
#11051
12a1bccThanks @ematipico! - Introduces an experimental Container API to render.astrocomponents in isolation.This API introduces three new functions to allow you to create a new container and render an Astro component returning either a string or a Response:
create(): creates a new instance of the container.renderToString(): renders a component and return a string.renderToResponse(): renders a component and returns theResponseemitted by the rendering phase.
The first supported use of this new API is to enable unit testing. For example, with
vitest, you can create a container to render your component with test data and check the result:import { experimental_AstroContainer as AstroContainer } from 'astro/container'; import { expect, test } from 'vitest'; import Card from '../src/components/Card.astro'; test('Card with slots', async () => { const container = await AstroContainer.create(); const result = await container.renderToString(Card, { slots: { default: 'Card content', }, }); expect(result).toContain('This is a card'); expect(result).toContain('Card content'); });
For a complete reference, see the Container API docs.
For a feature overview, and to give feedback on this experimental API, see the Container API roadmap discussion.
-
#11021
2d4c8faThanks @ematipico! - The CSRF protection feature that was introduced behind a flag in v4.6.0 is no longer experimental and is available for general use.To enable the stable version, add the new top-level
securityoption inastro.config.mjs. If you were previously using the experimental version of this feature, also delete the experimental flag:export default defineConfig({ - experimental: { - security: { - csrfProtection: { - origin: true - } - } - }, + security: { + checkOrigin: true + } })Enabling this setting performs a check that the
"origin"header, automatically passed by all modern browsers, matches the URL sent by each Request.This check is executed only for pages rendered on demand, and only for the requests
POST,PATCH,DELETEandPUTwith one of the following"content-type"headers:'application/x-www-form-urlencoded','multipart/form-data','text/plain'.If the
"origin"header doesn't match the pathname of the request, Astro will return a 403 status code and won't render the page.For more information, see the
securityconfiguration docs. -
#11022
be68ab4Thanks @ematipico! - Thei18nDomainsrouting feature introduced behind a flag in v3.4.0 is no longer experimental and is available for general use.This routing option allows you to configure different domains for individual locales in entirely server-rendered projects using the @astrojs/node or @astrojs/vercel adapter with a
siteconfigured.If you were using this feature, please remove the experimental flag from your Astro config:
import { defineConfig } from 'astro' export default defineConfig({ - experimental: { - i18nDomains: true, - } })If you have been waiting for stabilization before using this routing option, you can now do so.
Please see the internationalization docs for more about this feature.
-
#11071
8ca7c73Thanks @bholmesdev! - Adds two new functionsexperimental_getActionState()andexperimental_withState()to support the React 19useActionState()hook when using Astro Actions. This introduces progressive enhancement when calling an Action with thewithState()utility.This example calls a
likeaction that accepts apostIdand returns the number of likes. Pass this action to theexperimental_withState()function to apply progressive enhancement info, and apply touseActionState()to track the result:import { actions } from 'astro:actions'; import { experimental_withState } from '@astrojs/react/actions'; export function Like({ postId }: { postId: string }) { const [state, action, pending] = useActionState( experimental_withState(actions.like), 0 // initial likes ); return ( <form action={action}> <input type="hidden" name="postId" value={postId} /> <button disabled={pending}>{state} ❤️</button> </form> ); }
You can also access the state stored by
useActionState()from your actionhandler. Callexperimental_getActionState()with the API context, and optionally apply a type to the result:import { defineAction, z } from 'astro:actions'; import { experimental_getActionState } from '@astrojs/react/actions'; export const server = { like: defineAction({ input: z.object({ postId: z.string(), }), handler: async ({ postId }, ctx) => { const currentLikes = experimental_getActionState<number>(ctx); // write to database return currentLikes + 1; }, }), };
-
#11101
a6916e4Thanks @linguofeng! - Updates Astro's code for adapters to use the headerx-forwarded-forto initialize theclientAddress.To take advantage of the new change, integration authors must upgrade the version of Astro in their adapter
peerDependenciesto4.9.0. -
#11071
8ca7c73Thanks @bholmesdev! - Adds compatibility for Astro Actions in the React 19 beta. Actions can be passed to aform actionprop directly, and Astro will automatically add metadata for progressive enhancement.import { actions } from 'astro:actions'; function Like() { return ( <form action={actions.like}> {/* auto-inserts hidden input for progressive enhancement */} <button type="submit">Like</button> </form> ); }
Patch Changes
-
#11088
9566fa0Thanks @bholmesdev! - Allow actions to be called on the server. This allows you to call actions as utility functions in your Astro frontmatter, endpoints, and server-side UI components.Import and call directly from
astro:actionsas you would for client actions:--- // src/pages/blog/[postId].astro import { actions } from 'astro:actions'; await actions.like({ postId: Astro.params.postId }); ---
-
#11112
29a8650Thanks @bholmesdev! - Deprecate thegetApiContext()function. API Context can now be accessed from the second parameter to your Actionhandler():// src/actions/index.ts import { defineAction, z, - getApiContext, } from 'astro:actions'; export const server = { login: defineAction({ input: z.object({ id: z.string }), + handler(input, context) { const user = context.locals.auth(input.id); return user; } }), }