From ac8ce0395c2ac013da7cd3cbbb54e4f08749c479 Mon Sep 17 00:00:00 2001
From: Princesseuh <3019731+Princesseuh@users.noreply.github.com>
Date: Fri, 12 Apr 2024 18:36:50 +0200
Subject: [PATCH 1/4] fix(assets): Forward headers from the original request to
 the internal request to the image

---
 packages/astro/src/assets/endpoint/generic.ts | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/packages/astro/src/assets/endpoint/generic.ts b/packages/astro/src/assets/endpoint/generic.ts
index 22b15446da75..63305209060b 100644
--- a/packages/astro/src/assets/endpoint/generic.ts
+++ b/packages/astro/src/assets/endpoint/generic.ts
@@ -7,9 +7,14 @@ import { isRemoteAllowed } from '../utils/remotePattern.js';
 // @ts-expect-error
 import { imageConfig } from 'astro:assets';
 
-async function loadRemoteImage(src: URL) {
+async function loadRemoteImage(src: URL, request: Request) {
 	try {
-		const res = await fetch(src);
+		const res = await fetch(src, {
+			headers: {
+				// Forward all headers from the original request
+				...Object.fromEntries(request.headers.entries()),
+			},
+		});
 
 		if (!res.ok) {
 			return undefined;
@@ -49,7 +54,7 @@ export const GET: APIRoute = async ({ request }) => {
 			return new Response('Forbidden', { status: 403 });
 		}
 
-		inputBuffer = await loadRemoteImage(sourceUrl);
+		inputBuffer = await loadRemoteImage(sourceUrl, request);
 
 		if (!inputBuffer) {
 			return new Response('Not Found', { status: 404 });

From f2166303c3b3b9fd982c2b1ebb605216889b1a05 Mon Sep 17 00:00:00 2001
From: Princesseuh <3019731+Princesseuh@users.noreply.github.com>
Date: Fri, 12 Apr 2024 18:37:41 +0200
Subject: [PATCH 2/4] chore: changeset

---
 .changeset/rich-spoons-fold.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/rich-spoons-fold.md

diff --git a/.changeset/rich-spoons-fold.md b/.changeset/rich-spoons-fold.md
new file mode 100644
index 000000000000..217562a24ce8
--- /dev/null
+++ b/.changeset/rich-spoons-fold.md
@@ -0,0 +1,5 @@
+---
+"astro": patch
+---
+
+Fixes assets endpoint in serverless returning 404 in certain situations where the website might be under a protected route

From a0fb9929ba5d78f77a5e77b4e4ed427080e24205 Mon Sep 17 00:00:00 2001
From: Princesseuh <3019731+Princesseuh@users.noreply.github.com>
Date: Fri, 12 Apr 2024 18:41:59 +0200
Subject: [PATCH 3/4] fix: only do it for local images

---
 packages/astro/src/assets/endpoint/generic.ts | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/packages/astro/src/assets/endpoint/generic.ts b/packages/astro/src/assets/endpoint/generic.ts
index 63305209060b..337644d14f96 100644
--- a/packages/astro/src/assets/endpoint/generic.ts
+++ b/packages/astro/src/assets/endpoint/generic.ts
@@ -7,12 +7,12 @@ import { isRemoteAllowed } from '../utils/remotePattern.js';
 // @ts-expect-error
 import { imageConfig } from 'astro:assets';
 
-async function loadRemoteImage(src: URL, request: Request) {
+async function loadRemoteImage(src: URL, headers: Headers) {
 	try {
 		const res = await fetch(src, {
 			headers: {
 				// Forward all headers from the original request
-				...Object.fromEntries(request.headers.entries()),
+				...Object.fromEntries(headers.entries()),
 			},
 		});
 
@@ -46,15 +46,17 @@ export const GET: APIRoute = async ({ request }) => {
 
 		let inputBuffer: ArrayBuffer | undefined = undefined;
 
-		const sourceUrl = isRemotePath(transform.src)
+		const isRemoteImage = isRemotePath(transform.src);
+
+		const sourceUrl = isRemoteImage
 			? new URL(transform.src)
 			: new URL(transform.src, url.origin);
 
-		if (isRemotePath(transform.src) && isRemoteAllowed(transform.src, imageConfig) === false) {
+		if (isRemoteImage && isRemoteAllowed(transform.src, imageConfig) === false) {
 			return new Response('Forbidden', { status: 403 });
 		}
 
-		inputBuffer = await loadRemoteImage(sourceUrl, request);
+		inputBuffer = await loadRemoteImage(sourceUrl, isRemoteImage ? new Headers() : request.headers);
 
 		if (!inputBuffer) {
 			return new Response('Not Found', { status: 404 });

From 30333120bc9ad018b944a00747cc88a2319a9ab4 Mon Sep 17 00:00:00 2001
From: Princesseuh <3019731+Princesseuh@users.noreply.github.com>
Date: Fri, 12 Apr 2024 18:56:09 +0200
Subject: [PATCH 4/4] fix: pass headers directly

---
 packages/astro/src/assets/endpoint/generic.ts | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/packages/astro/src/assets/endpoint/generic.ts b/packages/astro/src/assets/endpoint/generic.ts
index 337644d14f96..5c51f6575534 100644
--- a/packages/astro/src/assets/endpoint/generic.ts
+++ b/packages/astro/src/assets/endpoint/generic.ts
@@ -10,10 +10,8 @@ import { imageConfig } from 'astro:assets';
 async function loadRemoteImage(src: URL, headers: Headers) {
 	try {
 		const res = await fetch(src, {
-			headers: {
-				// Forward all headers from the original request
-				...Object.fromEntries(headers.entries()),
-			},
+			// Forward all headers from the original request
+			headers,
 		});
 
 		if (!res.ok) {
@@ -47,7 +45,6 @@ export const GET: APIRoute = async ({ request }) => {
 		let inputBuffer: ArrayBuffer | undefined = undefined;
 
 		const isRemoteImage = isRemotePath(transform.src);
-
 		const sourceUrl = isRemoteImage
 			? new URL(transform.src)
 			: new URL(transform.src, url.origin);