|
| 1 | +--- |
| 2 | +title: Serialization |
| 3 | +use_cases: >- |
| 4 | + server function payloads, data transfer, csp, security, performance |
| 5 | +tags: |
| 6 | + - serialization |
| 7 | + - server-functions |
| 8 | + - csp |
| 9 | + - security |
| 10 | + - performance |
| 11 | +version: "1.0" |
| 12 | +description: >- |
| 13 | + Understand how SolidStart serializes server function payloads, supported |
| 14 | + types, and CSP tradeoffs. |
| 15 | +--- |
| 16 | + |
| 17 | +SolidStart serializes server function arguments and return values so they can travel between server and client. It uses Seroval under the hood and streams payloads to keep responses responsive. |
| 18 | + |
| 19 | +## Configuration |
| 20 | + |
| 21 | +Configure serialization in your `app.config.ts` with `defineConfig`: |
| 22 | + |
| 23 | +```tsx tab title="v1" |
| 24 | +import { defineConfig } from "@solidjs/start/config"; |
| 25 | + |
| 26 | +export default defineConfig({ |
| 27 | + serialization: { |
| 28 | + mode: "js", |
| 29 | + }, |
| 30 | +}); |
| 31 | +``` |
| 32 | + |
| 33 | +```tsx tab title="v2" |
| 34 | +import { defineConfig } from "vite"; |
| 35 | +import { solidStart } from "@solidjs/start"; |
| 36 | + |
| 37 | +export default defineConfig({ |
| 38 | + plugins: [ |
| 39 | + solidStart({ |
| 40 | + serialization: { |
| 41 | + mode: "json", |
| 42 | + }, |
| 43 | + }), |
| 44 | + ], |
| 45 | +}); |
| 46 | +``` |
| 47 | + |
| 48 | +See the full config reference in [`defineConfig`](/solid-start/reference/config/define-config#serialization). |
| 49 | + |
| 50 | +## Modes |
| 51 | + |
| 52 | +- `json`: Uses `JSON.parse` on the client. Best for strict CSP because it avoids `eval`. Payloads can be slightly larger. |
| 53 | +- `js`: Uses Seroval's JS serializer for smaller payloads and better performance, but it requires `unsafe-eval` in CSP. |
| 54 | + |
| 55 | +:::caution[v2 Breaking Change: Defaults] |
| 56 | +SolidStart v1 defaults to `js` for backwards compatibility. SolidStart v2 defaults to `json` for CSP compatibility. |
| 57 | +::: |
| 58 | + |
| 59 | +## Supported types (default) |
| 60 | + |
| 61 | +SolidStart enables Seroval plus a default set of web platform plugins. These plugins add support for: |
| 62 | + |
| 63 | +- `AbortSignal`, `CustomEvent`, `DOMException`, `Event` |
| 64 | +- `FormData`, `Headers`, `ReadableStream` |
| 65 | +- `Request`, `Response` |
| 66 | +- `URL`, `URLSearchParams` |
| 67 | + |
| 68 | +Seroval supports additional value types. The compatibility list is broader than what SolidStart enables by default, so treat it as a superset. See the [Seroval compatibility docs](https://github.com/lxsmnsyc/seroval/blob/main/docs/COMPATIBILITY.md). |
| 69 | + |
| 70 | +## Limits and exclusions |
| 71 | + |
| 72 | +- `RegExp` is disabled by default. |
| 73 | +- JSON mode enforces a maximum serialization depth of 64. If you exceed this, flatten the structure or return a simpler payload. |
| 74 | + |
| 75 | +## Related guidance |
| 76 | + |
| 77 | +- Configure modes and defaults in [`defineConfig`](/solid-start/reference/config/define-config#serialization). |
| 78 | +- CSP implications and nonce examples live in the [Security guide](/solid-start/guides/security#content-security-policy-csp). |
0 commit comments