`invalidateUrl` does not work if the `fetch` call is made from a `page.server` `load` method

[Ennoriel]

Describe the bug

Calling the method invalidateUrl from a +page.svelte does not work if the referenced url of the fetch call is made from a page.server load method. It works in any other case (invalidateAll or depends).

If this is intended, I think it would need a clarification in the documentation.

Reproduction

https://github.com/Ennoriel/bug-svelte-invalidate-url-load-server

On the repo, there are 6 scenarios shown:

• invalidate that references a depends key defined in a page.ts file - OK
• invalidate that references a depends key defined in a page.server.ts file - OK
• invalidate that references a fetch url defined in a page.ts file - OK
• invalidate that references a fetch url defined in a page.server.ts file - KO
• invalidateAll with the date computed in a page.ts file - OK
• invalidateAll with the date computed in a page.server.ts file - OK

Logs

No response

System Info

System:
    OS: Windows 10 10.0.22621
    CPU: (8) x64 Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
    Memory: 8.10 GB / 15.85 GB
  Binaries:
    Node: 18.17.1 - C:\Users\alcyconie\AppData\Roaming\NodeJs\node.EXE
    npm: 9.6.7 - C:\Users\alcyconie\AppData\Roaming\NodeJs\npm.CMD
    pnpm: 8.7.6 - C:\Users\alcyconie\AppData\Roaming\NodeJs\pnpm.CMD
  Browsers:
    Edge: Chromium (118.0.2088.61)
    Internet Explorer: 11.0.22621.1
  npmPackages:
    svelte: ^4.2.2 => 4.2.2

Severity

blocking an upgrade

[Conduitry]

This is the intended behavior. This was changed in sveltejs/kit#9945 to avoid leaking secrets in URLs of requests made from the server. This is mentioned in the documentation in the first paragraph under https://kit.svelte.dev/docs/load#rerunning-load-functions-manual-invalidation and can - at least for the time being - be changed with the setting https://kit.svelte.dev/docs/configuration#dangerzone

[Ennoriel]

Thanks for the update and sorry for opening it in the wrong repo.