fix: improve no-cors request block error#21902
Merged
sapphi-red merged 1 commit intovitejs:mainfrom Mar 19, 2026
Merged
Conversation
renovate bot
added a commit
to andrei-picus-tink/auto-renovate
that referenced
this pull request
Mar 31, 2026
| datasource | package | from | to | | ---------- | ------- | ----- | ----- | | npm | vite | 7.3.1 | 8.0.3 | ## [v8.0.3](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-803-2026-03-26-small) ##### Features - update rolldown to 1.0.0-rc.12 ([#22024](vitejs/vite#22024)) ([84164ef](vitejs/vite@84164ef)) ##### Bug Fixes - **html:** cache unfiltered CSS list to prevent missing styles across entries ([#22017](vitejs/vite#22017)) ([5464190](vitejs/vite@5464190)) - **module-runner:** handle non-ascii characters in base64 sourcemaps ([#21985](vitejs/vite#21985)) ([77c95bf](vitejs/vite@77c95bf)) - **module-runner:** skip re-import if the runner is closed ([#22020](vitejs/vite#22020)) ([ee2c2cd](vitejs/vite@ee2c2cd)) - **optimizer:** scan is not resolving sub path import if used in a glob import ([#22018](vitejs/vite#22018)) ([ddfe20d](vitejs/vite@ddfe20d)) - **ssr:** ssrTransform incorrectly rewrites `meta` identifier inside `import.meta` when a binding named `meta` exists ([#22019](vitejs/vite#22019)) ([cff5f0c](vitejs/vite@cff5f0c)) ##### Miscellaneous Chores - **deps:** bump picomatch from 4.0.3 to 4.0.4 ([#22027](vitejs/vite#22027)) ([7e56003](vitejs/vite@7e56003)) ##### Tests - **html:** add tests for `getCssFilesForChunk` ([#22016](vitejs/vite#22016)) ([43fbbf9](vitejs/vite@43fbbf9)) ## [v8.0.2](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-802-2026-03-23-small) ##### Features - update rolldown to 1.0.0-rc.11 ([#21998](vitejs/vite#21998)) ([ff91c31](vitejs/vite@ff91c31)) ##### Bug Fixes - **deps:** update all non-major dependencies ([#21988](vitejs/vite#21988)) ([9b7d150](vitejs/vite@9b7d150)) ##### Miscellaneous Chores - **deps:** update dependency [@vitejs/devtools](https://github.com/vitejs/devtools) to ^0.1.5 ([#21992](vitejs/vite#21992)) ([b2dd65b](vitejs/vite@b2dd65b)) ## [v8.0.1](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-801-2026-03-19-small) ##### Features - update rolldown to 1.0.0-rc.10 ([#21932](vitejs/vite#21932)) ([b3c067d](vitejs/vite@b3c067d)) ##### Bug Fixes - **bundled-dev:** properly disable `inlineConst` optimization ([#21865](vitejs/vite#21865)) ([6d97142](vitejs/vite@6d97142)) - **css:** lightningcss minify failed when `build.target: 'es6'` ([#21933](vitejs/vite#21933)) ([5fcce46](vitejs/vite@5fcce46)) - **deps:** update all non-major dependencies ([#21878](vitejs/vite#21878)) ([6dbbd7f](vitejs/vite@6dbbd7f)) - **dev:** always use ESM Oxc runtime ([#21829](vitejs/vite#21829)) ([d323ed7](vitejs/vite@d323ed7)) - **dev:** handle concurrent restarts in `_createServer` ([#21810](vitejs/vite#21810)) ([40bc729](vitejs/vite@40bc729)) - handle `+` symbol in package subpath exports during dep optimization ([#21886](vitejs/vite#21886)) ([86db93d](vitejs/vite@86db93d)) - improve `no-cors` request block error ([#21902](vitejs/vite#21902)) ([5ba688b](vitejs/vite@5ba688b)) - use precise regexes for transform filter to avoid backtracking ([#21800](vitejs/vite#21800)) ([dbe41bd](vitejs/vite@dbe41bd)) - **worker:** `require(json)` result should not be wrapped ([#21847](vitejs/vite#21847)) ([0672fd2](vitejs/vite@0672fd2)) - **worker:** make worker output consistent with client and SSR ([#21871](vitejs/vite#21871)) ([69454d7](vitejs/vite@69454d7)) ##### Miscellaneous Chores - add changelog rearrange script ([#21835](vitejs/vite#21835)) ([efef073](vitejs/vite@efef073)) - **deps:** bump required `@vitejs/devtools` version to 0.1+ ([#21925](vitejs/vite#21925)) ([12932f5](vitejs/vite@12932f5)) - **deps:** update rolldown-related dependencies ([#21787](vitejs/vite#21787)) ([1af1d3a](vitejs/vite@1af1d3a)) - rearrange 8.0 changelog ([8e05b61](vitejs/vite@8e05b61)) - rearrange 8.0 changelog ([#21834](vitejs/vite#21834)) ([86edeee](vitejs/vite@86edeee)) ## [v8.0.0](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#800-2026-03-12) ##### Features - update rolldown to 1.0.0-rc.9 ([#21813](vitejs/vite#21813)) ([f05be0e](vitejs/vite@f05be0e)) - warn when `vite-tsconfig-paths` plugin is detected ([#21781](vitejs/vite#21781)) ([ada493e](vitejs/vite@ada493e)) ##### Bug Fixes - **deps:** update all non-major dependencies ([#21786](vitejs/vite#21786)) ([eaa4352](vitejs/vite@eaa4352))
renovate bot
added a commit
to andrei-picus-tink/auto-renovate
that referenced
this pull request
Apr 15, 2026
| datasource | package | from | to | | ---------- | ------- | ----- | ----- | | npm | vite | 7.3.1 | 8.0.8 | ## [v8.0.8](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-808-2026-04-09-small) ##### Features - update rolldown to 1.0.0-rc.15 ([#22201](vitejs/vite#22201)) ([6baf587](vitejs/vite@6baf587)) ##### Bug Fixes - avoid `dns.getDefaultResultOrder` temporary ([#22202](vitejs/vite#22202)) ([15f1c15](vitejs/vite@15f1c15)) - **ssr:** class property keys hoisting matching imports ([#22199](vitejs/vite#22199)) ([e137601](vitejs/vite@e137601)) ## [v8.0.7](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-807-2026-04-07-small) ##### Bug Fixes - use sync dns.getDefaultResultOrder instead of dns.promises ([#22185](vitejs/vite#22185)) ([5c05b04](vitejs/vite@5c05b04)) ## [v8.0.6](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-806-2026-04-07-small) ##### Features - update rolldown to 1.0.0-rc.13 ([#22097](vitejs/vite#22097)) ([51d3e48](vitejs/vite@51d3e48)) ##### Bug Fixes - **css:** avoid mutating sass error multiple times ([#22115](vitejs/vite#22115)) ([d5081c2](vitejs/vite@d5081c2)) - **optimize-deps:** hoist CJS interop assignment ([#22156](vitejs/vite#22156)) ([17a8f9e](vitejs/vite@17a8f9e)) ##### Performance Improvements - early return in `getLocalhostAddressIfDiffersFromDNS` when DNS order is `verbatim` ([#22151](vitejs/vite#22151)) ([56ec256](vitejs/vite@56ec256)) ##### Miscellaneous Chores - **create-vite:** remove unnecessary DOM.Iterable ([#22168](vitejs/vite#22168)) ([bdc53ab](vitejs/vite@bdc53ab)) - replace remaining prettier script ([#22179](vitejs/vite#22179)) ([af71fb2](vitejs/vite@af71fb2)) ## [v8.0.5](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-805-2026-04-06-small) ##### Bug Fixes - apply server.fs check to env transport ([#22159](vitejs/vite#22159)) ([f02d9fd](vitejs/vite@f02d9fd)) - avoid path traversal with optimize deps sourcemap handler ([#22161](vitejs/vite#22161)) ([79f002f](vitejs/vite@79f002f)) - check `server.fs` after stripping query as well ([#22160](vitejs/vite#22160)) ([a9a3df2](vitejs/vite@a9a3df2)) - disallow referencing files outside the package from sourcemap ([#22158](vitejs/vite#22158)) ([f05f501](vitejs/vite@f05f501)) ## [v8.0.4](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-804-2026-04-06-small) ##### Features - allow esbuild 0.28 as peer deps ([#22155](vitejs/vite#22155)) ([b0da973](vitejs/vite@b0da973)) - **hmr:** truncate list of files on hmr update ([#21535](vitejs/vite#21535)) ([d00e806](vitejs/vite@d00e806)) - **optimizer:** log when dependency scanning or bundling takes over 1s ([#21797](vitejs/vite#21797)) ([f61a1ab](vitejs/vite@f61a1ab)) ##### Bug Fixes - `hasBothRollupOptionsAndRolldownOptions` should return `false` for proxy case ([#22043](vitejs/vite#22043)) ([99897d2](vitejs/vite@99897d2)) - add types for `vite/modulepreload-polyfill` ([#22126](vitejs/vite#22126)) ([17330d2](vitejs/vite@17330d2)) - **deps:** update all non-major dependencies ([#22073](vitejs/vite#22073)) ([6daa10f](vitejs/vite@6daa10f)) - **deps:** update all non-major dependencies ([#22143](vitejs/vite#22143)) ([22b0166](vitejs/vite@22b0166)) - **resolve:** resolve tsconfig paths starting with `#` ([#22038](vitejs/vite#22038)) ([3460fc5](vitejs/vite@3460fc5)) - **ssr:** use browser platform for webworker SSR builds (fix [#21969](vitejs/vite#21969)) ([#21963](vitejs/vite#21963)) ([364c227](vitejs/vite@364c227)) ##### Documentation - add `environment.fetchModule` documentation ([#22035](vitejs/vite#22035)) ([54229e7](vitejs/vite@54229e7)) ##### Miscellaneous Chores - **deps:** update rolldown-related dependencies ([#21989](vitejs/vite#21989)) ([0ded627](vitejs/vite@0ded627)) ##### Code Refactoring - upgrade to typescript 6 ([#22110](vitejs/vite#22110)) ([cc41398](vitejs/vite@cc41398)) ## [v8.0.3](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-803-2026-03-26-small) ##### Features - update rolldown to 1.0.0-rc.12 ([#22024](vitejs/vite#22024)) ([84164ef](vitejs/vite@84164ef)) ##### Bug Fixes - **html:** cache unfiltered CSS list to prevent missing styles across entries ([#22017](vitejs/vite#22017)) ([5464190](vitejs/vite@5464190)) - **module-runner:** handle non-ascii characters in base64 sourcemaps ([#21985](vitejs/vite#21985)) ([77c95bf](vitejs/vite@77c95bf)) - **module-runner:** skip re-import if the runner is closed ([#22020](vitejs/vite#22020)) ([ee2c2cd](vitejs/vite@ee2c2cd)) - **optimizer:** scan is not resolving sub path import if used in a glob import ([#22018](vitejs/vite#22018)) ([ddfe20d](vitejs/vite@ddfe20d)) - **ssr:** ssrTransform incorrectly rewrites `meta` identifier inside `import.meta` when a binding named `meta` exists ([#22019](vitejs/vite#22019)) ([cff5f0c](vitejs/vite@cff5f0c)) ##### Miscellaneous Chores - **deps:** bump picomatch from 4.0.3 to 4.0.4 ([#22027](vitejs/vite#22027)) ([7e56003](vitejs/vite@7e56003)) ##### Tests - **html:** add tests for `getCssFilesForChunk` ([#22016](vitejs/vite#22016)) ([43fbbf9](vitejs/vite@43fbbf9)) ## [v8.0.2](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-802-2026-03-23-small) ##### Features - update rolldown to 1.0.0-rc.11 ([#21998](vitejs/vite#21998)) ([ff91c31](vitejs/vite@ff91c31)) ##### Bug Fixes - **deps:** update all non-major dependencies ([#21988](vitejs/vite#21988)) ([9b7d150](vitejs/vite@9b7d150)) ##### Miscellaneous Chores - **deps:** update dependency [@vitejs/devtools](https://github.com/vitejs/devtools) to ^0.1.5 ([#21992](vitejs/vite#21992)) ([b2dd65b](vitejs/vite@b2dd65b)) ## [v8.0.1](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-801-2026-03-19-small) ##### Features - update rolldown to 1.0.0-rc.10 ([#21932](vitejs/vite#21932)) ([b3c067d](vitejs/vite@b3c067d)) ##### Bug Fixes - **bundled-dev:** properly disable `inlineConst` optimization ([#21865](vitejs/vite#21865)) ([6d97142](vitejs/vite@6d97142)) - **css:** lightningcss minify failed when `build.target: 'es6'` ([#21933](vitejs/vite#21933)) ([5fcce46](vitejs/vite@5fcce46)) - **deps:** update all non-major dependencies ([#21878](vitejs/vite#21878)) ([6dbbd7f](vitejs/vite@6dbbd7f)) - **dev:** always use ESM Oxc runtime ([#21829](vitejs/vite#21829)) ([d323ed7](vitejs/vite@d323ed7)) - **dev:** handle concurrent restarts in `_createServer` ([#21810](vitejs/vite#21810)) ([40bc729](vitejs/vite@40bc729)) - handle `+` symbol in package subpath exports during dep optimization ([#21886](vitejs/vite#21886)) ([86db93d](vitejs/vite@86db93d)) - improve `no-cors` request block error ([#21902](vitejs/vite#21902)) ([5ba688b](vitejs/vite@5ba688b)) - use precise regexes for transform filter to avoid backtracking ([#21800](vitejs/vite#21800)) ([dbe41bd](vitejs/vite@dbe41bd)) - **worker:** `require(json)` result should not be wrapped ([#21847](vitejs/vite#21847)) ([0672fd2](vitejs/vite@0672fd2)) - **worker:** make worker output consistent with client and SSR ([#21871](vitejs/vite#21871)) ([69454d7](vitejs/vite@69454d7)) ##### Miscellaneous Chores - add changelog rearrange script ([#21835](vitejs/vite#21835)) ([efef073](vitejs/vite@efef073)) - **deps:** bump required `@vitejs/devtools` version to 0.1+ ([#21925](vitejs/vite#21925)) ([12932f5](vitejs/vite@12932f5)) - **deps:** update rolldown-related dependencies ([#21787](vitejs/vite#21787)) ([1af1d3a](vitejs/vite@1af1d3a)) - rearrange 8.0 changelog ([8e05b61](vitejs/vite@8e05b61)) - rearrange 8.0 changelog ([#21834](vitejs/vite#21834)) ([86edeee](vitejs/vite@86edeee)) ## [v8.0.0](https://github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#800-2026-03-12) ##### Features - update rolldown to 1.0.0-rc.9 ([#21813](vitejs/vite#21813)) ([f05be0e](vitejs/vite@f05be0e)) - warn when `vite-tsconfig-paths` plugin is detected ([#21781](vitejs/vite#21781)) ([ada493e](vitejs/vite@ada493e)) ##### Bug Fixes - **deps:** update all non-major dependencies ([#21786](vitejs/vite#21786)) ([eaa4352](vitejs/vite@eaa4352)) ## [v7.3.2](https://github.com/vitejs/vite/releases/tag/v7.3.2) Please refer to [CHANGELOG.md](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md) for details.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
#21235 added a middleware to block no-CORS script requests mainly to prevent HMR scripts for bunded dev to be executed from untrusted origins. That middleware returns 403 when blocking the request, but it seems browsers avoid loading the body of the response in such case. This PR changes that middleware to return 200 with a custom error. It will now show the following error:
refs #21849