vercel/next.jsPublic

NotificationsYou must be signed in to change notification settings
Fork30.1k
Star137k

Commit5791cb6

ztanner

and

ijjk

authored

[Backport v14] add additional x-middleware-set-cookie filtering (#75561) (#75870)

Backports:-#75561-#73482---------Co-authored-by: JJ Kasper <jj@jjsweb.site>

1 parent8129a61 commit5791cb6Copy full SHA for 5791cb6

File tree

13 files changed

+83

-0

lines changed

packages/next/src/server
- lib
  - router-server.ts
  - router-utils
    - resolve-routes.ts
  - server-ipc
    - utils.ts
- send-response.ts
test
- e2e/app-dir/app-middleware
  - app-middleware.test.ts
  - app/cookies
    - api
      - route.js
    - page.js
- integration/required-server-files-ssr-404/test
  - index.test.js
- production/standalone-mode
  - required-server-files
  - response-cache
    - index.test.ts

13 files changed

+83

-0

lines changed

`‎packages/next/src/server/lib/router-server.ts‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ import { getNextPathnameInfo } from '../../shared/lib/router/utils/get-next-path`
`41`	`41`	`import{getHostname}from'../../shared/lib/get-hostname'`
`42`	`42`	`import{detectDomainLocale}from'../../shared/lib/i18n/detect-domain-locale'`
`43`	`43`	`import{normalizedAssetPrefix}from'../../shared/lib/normalized-asset-prefix'`
	`44`	`+import{filterInternalHeaders}from'./server-ipc/utils'`
`44`	`45`
`45`	`46`	`constdebug=setupDebug('next:router-server:main')`
`46`	`47`	`constisNextFont=(pathname:string\|null)=>`
`@@ -149,6 +150,11 @@ export async function initialize(opts: {`
`149`	`150`	`require('./render-server')astypeofimport('./render-server')`
`150`	`151`
`151`	`152`	`constrequestHandlerImpl:WorkerRequestHandler=async(req,res)=>{`
	`153`	`+// internal headers should not be honored by the request handler`
	`154`	`+if(!process.env.NEXT_PRIVATE_TEST_HEADERS){`
	`155`	`+filterInternalHeaders(req.headers)`
	`156`	`+}`
	`157`	`+`
`152`	`158`	`if(`
`153`	`159`	`!opts.minimalMode&&`
`154`	`160`	`config.i18n&&`

`‎packages/next/src/server/lib/router-utils/resolve-routes.ts‎`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -589,6 +589,14 @@ export function getResolveRoutes(`
`589`	`589`	`){`
`590`	`590`	`continue`
`591`	`591`	`}`
	`592`	`+`
	`593`	`+// for set-cookie, the header shouldn't be added to the response`
	`594`	`+// as it's only needed for the request to the middleware function.`
	`595`	`+if(key==='x-middleware-set-cookie'){`
	`596`	`+req.headers[key]=value`
	`597`	`+continue`
	`598`	`+}`
	`599`	`+`
`592`	`600`	`if(value){`
`593`	`601`	`resHeaders[key]=value`
`594`	`602`	`req.headers[key]=value`

`‎packages/next/src/server/lib/server-ipc/utils.ts‎`

Lines changed: 23 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -36,3 +36,26 @@ export const filterReqHeaders = (`
`36`	`36`	`}`
`37`	`37`	`returnheadersasRecord<string,undefined\|string\|string[]>`
`38`	`38`	`}`
	`39`	`+`
	`40`	`+// These are headers that are only used internally and should`
	`41`	`+// not be honored from the external request`
	`42`	`+constINTERNAL_HEADERS=[`
	`43`	`+'x-middleware-rewrite',`
	`44`	`+'x-middleware-redirect',`
	`45`	`+'x-middleware-set-cookie',`
	`46`	`+'x-middleware-skip',`
	`47`	`+'x-middleware-override-headers',`
	`48`	`+'x-middleware-next',`
	`49`	`+'x-now-route-matches',`
	`50`	`+'x-matched-path',`
	`51`	`+]`
	`52`	`+`
	`53`	`+exportconstfilterInternalHeaders=(`
	`54`	`+headers:Record<string,undefined\|string\|string[]>`
	`55`	`+)=>{`
	`56`	`+for(constheaderinheaders){`
	`57`	`+if(INTERNAL_HEADERS.includes(header)){`
	`58`	`+deleteheaders[header]`
	`59`	`+}`
	`60`	`+}`
	`61`	`+}`

`‎packages/next/src/server/send-response.ts‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,11 @@ export async function sendResponse(`
`25`	`25`
`26`	`26`	`// Copy over the response headers.`
`27`	`27`	`response.headers?.forEach((value,name)=>{`
	`28`	+// `x-middleware-set-cookie` is an internal header not needed for the response
	`29`	`+if(name.toLowerCase()==='x-middleware-set-cookie'){`
	`30`	`+return`
	`31`	`+}`
	`32`	`+`
`28`	`33`	// The append handling is special cased for `set-cookie`.
`29`	`34`	`if(name.toLowerCase()==='set-cookie'){`
`30`	`35`	`// TODO: (wyattjoh) replace with native response iteration when we can upgrade undici`

`‎test/e2e/app-dir/app-middleware/app-middleware.test.ts‎`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -174,6 +174,18 @@ createNextDescribe(`
`174`	`174`	`awaitbrowser.deleteCookies()`
`175`	`175`	`})`
`176`	`176`
	`177`	`+it('should omit internal headers for middleware cookies',async()=>{`
	`178`	`+constresponse=awaitnext.fetch('/rsc-cookies/cookie-options')`
	`179`	`+expect(response.status).toBe(200)`
	`180`	`+expect(response.headers.get('x-middleware-set-cookie')).toBeNull()`
	`181`	`+`
	`182`	`+constresponse2=awaitnext.fetch('/cookies/api')`
	`183`	`+expect(response2.status).toBe(200)`
	`184`	`+expect(response2.headers.get('x-middleware-set-cookie')).toBeNull()`
	`185`	`+expect(response2.headers.get('set-cookie')).toBeDefined()`
	`186`	`+expect(response2.headers.get('set-cookie')).toContain('example')`
	`187`	`+})`
	`188`	`+`
`177`	`189`	`it('should respect cookie options of merged middleware cookies',async()=>{`
`178`	`190`	`constbrowser=awaitnext.browser('/rsc-cookies/cookie-options')`
`179`	`191`

`‎test/e2e/app-dir/app-middleware/app/cookies/api/route.js‎`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,11 @@`
	`1`	`+import{NextResponse}from'next/server'`
	`2`	`+`
	`3`	`+exportfunctionGET(){`
	`4`	`+constresponse=newNextResponse()`
	`5`	`+response.cookies.set({`
	`6`	`+name:'example',`
	`7`	`+value:'example',`
	`8`	`+})`
	`9`	`+`
	`10`	`+returnresponse`
	`11`	`+}`

`‎test/e2e/app-dir/app-middleware/app/cookies/page.js‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,6 @@`
	`1`	`+import{cookies}from'next/headers'`
	`2`	`+`
	`3`	`+exportdefaultasyncfunctionPage(){`
	`4`	`+constcookieLength=(awaitcookies()).size`
	`5`	`+return<divid="cookies">cookies:{cookieLength}</div>`
	`6`	`+}`

`‎test/integration/required-server-files-ssr-404/test/index.test.js‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ describe('Required Server Files', () => {`
`44`	`44`	`}`
`45`	`45`	`awaitfs.rename(join(appDir,'pages'),join(appDir,'pages-bak'))`
`46`	`46`
	`47`	`+process.env.NEXT_PRIVATE_TEST_HEADERS='1'`
`47`	`48`	`nextApp=nextServer({`
`48`	`49`	`conf:{},`
`49`	`50`	`dir:appDir,`
`@@ -57,6 +58,7 @@ describe('Required Server Files', () => {`
`57`	`58`	console.log(`Listening at ::${appPort}`)
`58`	`59`	`})`
`59`	`60`	`afterAll(async()=>{`
	`61`	`+deleteprocess.env.NEXT_PRIVATE_TEST_HEADERS`
`60`	`62`	`if(server)server.close()`
`61`	`63`	`awaitfs.rename(join(appDir,'pages-bak'),join(appDir,'pages'))`
`62`	`64`	`})`

`‎test/production/standalone-mode/required-server-files/required-server-files-app.test.ts‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ describe('required server files app router', () => {`
`25`	`25`	`})=>{`
`26`	`26`	`// test build against environment with next support`
`27`	`27`	`process.env.NOW_BUILDER=nextEnv ?'1' :''`
	`28`	`+process.env.NEXT_PRIVATE_TEST_HEADERS='1'`
`28`	`29`
`29`	`30`	`next=awaitcreateNext({`
`30`	`31`	`files:{`
`@@ -96,6 +97,7 @@ describe('required server files app router', () => {`
`96`	`97`	`awaitsetupNext({nextEnv:true,minimalMode:true})`
`97`	`98`	`})`
`98`	`99`	`afterAll(async()=>{`
	`100`	`+deleteprocess.env.NEXT_PRIVATE_TEST_HEADERS`
`99`	`101`	`awaitnext.destroy()`
`100`	`102`	`if(server)awaitkillApp(server)`
`101`	`103`	`})`

`‎test/production/standalone-mode/required-server-files/required-server-files-i18n.test.ts‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ describe('required server files i18n', () => {`
`24`	`24`
`25`	`25`	`beforeAll(async()=>{`
`26`	`26`	`letwasmPkgIsAvailable=false`
	`27`	`+process.env.NEXT_PRIVATE_TEST_HEADERS='1'`
`27`	`28`
`28`	`29`	`constres=awaitnodeFetch(`
`29`	`30`	`https://registry.npmjs.com/@next/swc-wasm-nodejs/-/swc-wasm-nodejs-${
`@@ -128,6 +129,7 @@ describe('required server files i18n', () => {`
`128`	`129`	`)`
`129`	`130`	`})`
`130`	`131`	`afterAll(async()=>{`
	`132`	`+deleteprocess.env.NEXT_PRIVATE_TEST_HEADERS`
`131`	`133`	`awaitnext.destroy()`
`132`	`134`	`if(server)awaitkillApp(server)`
`133`	`135`	`})`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5791cb6

File tree

13 files changed

13 files changed

`‎packages/next/src/server/lib/router-server.ts‎`

`‎packages/next/src/server/lib/router-utils/resolve-routes.ts‎`

`‎packages/next/src/server/lib/server-ipc/utils.ts‎`

`‎packages/next/src/server/send-response.ts‎`

`‎test/e2e/app-dir/app-middleware/app-middleware.test.ts‎`

`‎test/e2e/app-dir/app-middleware/app/cookies/api/route.js‎`

`‎test/e2e/app-dir/app-middleware/app/cookies/page.js‎`

`‎test/integration/required-server-files-ssr-404/test/index.test.js‎`

`‎test/production/standalone-mode/required-server-files/required-server-files-app.test.ts‎`

`‎test/production/standalone-mode/required-server-files/required-server-files-i18n.test.ts‎`

0 commit comments