Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid Accept-Language header will crash the server #22329

Closed
indeedhat opened this issue Feb 19, 2021 · 10 comments · Fixed by #26476
Closed

Invalid Accept-Language header will crash the server #22329

indeedhat opened this issue Feb 19, 2021 · 10 comments · Fixed by #26476
Assignees
Milestone

Comments

@indeedhat
Copy link

What version of Next.js are you using?

10.0.7

What version of Node.js are you using?

15.6.0

What browser are you using?

N/A

What operating system are you using?

Docker: node:15.6.0-alpine3.11

How are you deploying your application?

next start

Describe the Bug

If the server receives a request with an invalid Acceot-Language header it crashes due to an un caught exception

(node:18) UnhandledPromiseRejectionWarning: Error: Invalid accept-language header
    at Object.internals.parse (/app/node_modules/@hapi/accept/lib/header.js:144:28)
    at Object.exports.selections (/app/node_modules/@hapi/accept/lib/header.js:21:22)
    at Object.exports.selection (/app/node_modules/@hapi/accept/lib/header.js:12:32)
    at Object.exports.<computed> [as language] (/app/node_modules/@hapi/accept/lib/index.js:29:53)
    at DevServer.handleRequest (/app/node_modules/next/dist/next-server/server/next-server.js:19:265)
    at Server.emit (events.js:315:20)
    at parserOnIncoming (_http_server.js:790:12)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:119:17)
(node:18) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 503)

Expected Behavior

It not to crash

To Reproduce

  • Start your server
  • send a curl request at it with an invalid Accept-Language header \
curl https://my.next-project.com -H 'Accept-Language: ldfir;'
  • the server crashes

The error will also happen with the dev server next dev but the server doesnt actually crash in that case

@indeedhat indeedhat added the bug Issue was opened via the bug report template. label Feb 19, 2021
@hanayashiki

This comment has been minimized.

1 similar comment
@eugle

This comment has been minimized.

@xcrzx
Copy link

xcrzx commented May 15, 2021

I've encountered a similar crash in production (Next.js 10.2), although with a bit different stack trace:

 /usr/client/node_modules/@hapi/accept/lib/header.js:144
                 throw Boom.badRequest(`Invalid ${options.type} header`);
                            ^

 Error: Invalid accept-language header
     at Object.internals.parse (/usr/client/node_modules/@hapi/accept/lib/header.js:144:28)
     at Object.exports.selections (/usr/client/node_modules/@hapi/accept/lib/header.js:21:22)
     at Object.exports.selection (/usr/client/node_modules/@hapi/accept/lib/header.js:12:32)
     at Object.exports.<computed> [as language] (/usr/client/node_modules/@hapi/accept/lib/index.js:29:53)
     at Server.handleRequest (/usr/client/node_modules/next/dist/next-server/server/next-server.js:17:265)
     at Server.<anonymous> (/usr/client/node_modules/next/dist/server/next.js:1:1824)
     at runMicrotasks (<anonymous>)
     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
   data: null,
   isBoom: true,
   isServer: false,
   output: {
     statusCode: 400,
     payload: {
       statusCode: 400,
       error: 'Bad Request',
       message: 'Invalid accept-language header'
     },
     headers: {}
   }
 }

Is there a workaround for the issue?

@eugle
Copy link

eugle commented May 16, 2021

A restart event occurred with NextJS running in Docker. Docker logs are as follows:

TypeError: Cannot read property 'includes' of undefined
    at Start (/app/.next/server/pages/index.js:400:29)
    at getServerSideProps (/app/.next/server/pages/index.js:733:51)
    at renderToHTML (/app/node_modules/next/dist/next-server/server/render.js:40:221)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async /app/node_modules/next/dist/next-server/server/next-server.js:111:97
    at async /app/node_modules/next/dist/next-server/server/next-server.js:104:142
    at async Server.renderToHTMLWithComponents (/app/node_modules/next/dist/next-server/server/next-server.js:136:387)
    at async Server.renderToHTML (/app/node_modules/next/dist/next-server/server/next-server.js:137:610)
    at async Server.render (/app/node_modules/next/dist/next-server/server/next-server.js:74:255)
    at async Object.fn (/app/node_modules/next/dist/next-server/server/next-server.js:58:672)

/app/node_modules/@hapi/accept/lib/header.js:106
            throw Boom.badRequest(`Invalid ${options.type} header`);
                       ^

Error: Invalid accept-language header
    at Object.internals.parse (/app/node_modules/@hapi/accept/lib/header.js:106:24)
    at Object.exports.selections (/app/node_modules/@hapi/accept/lib/header.js:21:22)
    at Object.exports.selection (/app/node_modules/@hapi/accept/lib/header.js:12:32)
    at Object.exports.<computed> [as language] (/app/node_modules/@hapi/accept/lib/index.js:29:53)
    at Server.handleRequest (/app/node_modules/next/dist/next-server/server/next-server.js:17:265)
    at Server.<anonymous> (/app/node_modules/next/dist/server/next.js:1:1824)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  data: null,
  isBoom: true,
  isServer: false,
  output: {
    statusCode: 400,
    payload: {
      statusCode: 400,
      error: 'Bad Request',
      message: 'Invalid accept-language header'
    },
    headers: {}
  }
}
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

@lortmorris
Copy link

Hi guys, any news regarding this bug?
i have 2 sites all time down because i have request with invalid languages header.

@kkoudev
Copy link

kkoudev commented May 31, 2021

Hi.
It's a bit brute force, but you can prevent the crash with a workaround forking @hapi/accept patched to ignore invalid headers and replacing package.json as follows:

"resolutions": {
  "@hapi/accept": "github:kkoudev/accept#ignore-invalid-headers"
}

Actually, I think it is necessary to catch the exception and handle the error inside Next.js.

@wereHamster
Copy link
Contributor

I also see this exception, triggered by this code:

        const params = part.split(';');
        if (params.length > 2) {
            throw Boom.badRequest(`Invalid ${options.type} header`);
        }

It's a shame that the error message doesn't include the actual value of the header, would help me debug what's causing it. I suspect a broken browser which sends an invalid Accept-Language header…

@psaren
Copy link

psaren commented Jun 8, 2021

I find if we set i18n.localeDetection = false, ignore accept.language method, this error will not show again.
But I am not sure, whether it will cause other problem,

let acceptPreferredLocale =
i18n.localeDetection !== false
? accept.language(req.headers['accept-language'], i18n.locales)
: detectedLocale

@indeedhat
Copy link
Author

I also see this exception, triggered by this code:

        const params = part.split(';');
        if (params.length > 2) {
            throw Boom.badRequest(`Invalid ${options.type} header`);
        }

It's a shame that the error message doesn't include the actual value of the header, would help me debug what's causing it. I suspect a broken browser which sends an invalid Accept-Language header…

Based on the regularity that it was happening and that i multiple pods would tend to crash at the same time it was my assumption that it was some kind of bot that was causing it.

But i totally agree that it would be nice the get the actual content logged.

I find if we set i18n.localeDetection = false, ignore accept.language method, this error will not show again.
But I am not sure, whether it will cause other problem,

let acceptPreferredLocale =
i18n.localeDetection !== false
? accept.language(req.headers['accept-language'], i18n.locales)
: detectedLocale

This is the stop gap i have ended up with until there is a proper fix, its not ideal but its better than getting repeated crashes and it at least allows for manual language selection.

@timneutkens timneutkens added kind: bug and removed bug Issue was opened via the bug report template. labels Jun 22, 2021
@timneutkens timneutkens added this to the Iteration 22 milestone Jun 22, 2021
@huozhi huozhi assigned huozhi and unassigned ijjk Jun 22, 2021
@kodiakhq kodiakhq bot closed this as completed in #26476 Jun 22, 2021
kodiakhq bot pushed a commit that referenced this issue Jun 22, 2021
Fixes #22329

## Bug

- [x] Related issues linked using fixes #22329
- [x] Integration tests added

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [ ] Make sure the linting passes
flybayer pushed a commit to blitz-js/next.js that referenced this issue Jun 24, 2021
Fixes vercel#22329

## Bug

- [x] Related issues linked using fixes vercel#22329
- [x] Integration tests added

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [ ] Make sure the linting passes
leimonio added a commit to leimonio/next.js that referenced this issue Jul 6, 2021
* [WIP] Add cms notion integration example - index page

* Add cover images for pages

* Add post page

* Remove preview functionality

* Add module.exports to security headers documentation (vercel#26466)

Without `module.exports`, the provided code won't work if just pasted into `next.config.js`

## Documentation / Examples

- [x] Make sure the linting passes

* fix: ignore invalid accept-language header (vercel#26476)



Fixes vercel#22329

## Bug

- [x] Related issues linked using fixes vercel#22329
- [x] Integration tests added

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [ ] Make sure the linting passes

* chore: Add Alex to lint documentation (vercel#26354)

This Pull Request adds [Alex](https://alexjs.com/) to our documentation. It catches insensitive, inconsiderate writing. 

The original PR (vercel#25821) is too large so I have decided to break it down into smaller PRs. This PR is the first part. Then I will continue to add the rest of the documentation in smaller PRs.

## More Information on Alex:
https://alexjs.com/
https://github.com/get-alex/alex

## Documentation / Examples

- [x] Make sure the linting passes

* Fix domain locales not available on client (vercel#26083)

* bug: Fix domain locales not available on client

* Add test case

* update tests

Co-authored-by: JJ Kasper <jj@jjsweb.site>

* Update to only add image import types when enabled (vercel#26485)

* Update to only add image import types when enabled

* add type check to test

* Update i18n fields in docs (vercel#26492)



Closes: vercel#24991

## Documentation / Examples

- [x] Make sure the linting passes

* v11.0.1-canary.7

* Strongly type `Router.events.on` and `Router.events.off` (vercel#26456)

This strongly types `Router.events.on` and `Router.events.off`. Previously the event type was `string` but now it's `'routeChangeStart' | 'beforeHistoryChange' | 'routeChangeComplete' | 'routeChangeError' | 'hashChangeStart' | 'hashChangeComplete'`


## Bug

- ~[ ] Related issues linked using `fixes #number`~
- [x] Integration tests added

Closes vercel#25679
Closes vercel#23753
Closes vercel#15497

* Update next Link & Image components

* Ensure image-types file is included (vercel#26495)

* Update react & react-dom to v17

* Update tailwind to use jit

* v11.0.1-canary.8

* v11.0.1

* Don't test image domains in test env (vercel#26502)

fixes vercel#21549

Co-authored-by: JJ Kasper <jj@jjsweb.site>

* docs: updated minimum Node.js version (vercel#26528)

## Documentation / Examples

- [x] Make sure the linting passes


According to new requirements in `package.json` minimum Node.js version for now is 12.0

* Update next-env note in docs (vercel#26536)

This ensures we don't recommend editing the `next-env` file since we need to be able to tweak it to accept future types we add in Next.js


## Documentation / Examples

- [x] Make sure the linting passes

Closes: vercel#26533

* [examples] Fix ssr-caching example. (vercel#26540)

Closes vercel#12019 with a better example of proper SSR caching.

* Fix props not updating when changing the locale and keeping hash (vercel#26205)



Currently, there is only a `hashChangeStart` and subsequent `hashChangeComplete` event and no props update (which would be used to get translations, etc.).
Happy for any feedback

fixes vercel#23467

## Bug

- [x] Related issues linked using `fixes #number`
- [x] Integration tests added

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [ ] Make sure the linting passes

* Add note about adding additional types (vercel#26545)

* Add note about adding additional types

* Update to bold edit also

* Apply suggestions from code review

Co-authored-by: Steven <steven@ceriously.com>

* Allow user to override next-image-loader (vercel#26548)

In PR vercel#26281, we solved one use case but broke another.

This PR will allow the user to [override the built-in loader](vercel#26281 (comment)) via custom webpack config.

* v11.0.2-canary.0

* chore: Enable Alex documentation linting for error pages (vercel#26526)

* Update SWR example to include fetcher function. (vercel#26520)

* Previous example doesn't work

* Apply suggestions from code review

* Update docs/basic-features/data-fetching.md

* lint-fix

Co-authored-by: Lee Robinson <me@leerob.io>
Co-authored-by: JJ Kasper <jj@jjsweb.site>

* tailwind examps upgraded to v2.2 (vercel#26549)



## Documentation / Examples

- [x] Make sure the linting passes

* doc: prettify docs for next script (vercel#26572)



x-ref: vercel#26518 (comment)

## Documentation / Examples

- [x] Make sure the linting passes

* Add logging when a custom babelrc is loaded (vercel#26570)

Partially solves vercel#26539 by adding back the log output when a config file is used



## Bug

- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [ ] Make sure the linting passes

* Add comment to not edit in next-env file (vercel#26573)

This adds a comment to the generated `next-env.d.ts` to mention it should not be edited pointing to the documentation which contains an example of adding custom types separately. 

x-ref: vercel#26560

## Documentation / Examples

- [x] Make sure the linting passes

* Separate node polyfill test from basic suite (vercel#26550)

* Separate node polyfill test from basic suite

* update test

* fix with-loading example for next 11 (vercel#26569)

## Documentation / Examples

- [X] Make sure the linting passes

This PR updates the with-loading example to follow the documentation of router events for next 11

* v11.0.2-canary.1

* Add trace url on bootup (vercel#26594)

* Add trace url on bootup

* Update whitelist -> accesslist

* Add name to webpack-invalidated

* v11.0.2-canary.2

* Add check for ObjectExpression when iterating on <link> tags for font optimization (vercel#26608)

Fixes vercel#26547



## Bug

- [x] Related issues linked using `fixes #number`
- [x] Integration tests added

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [ ] Make sure the linting passes

* Enable Alex documentation linting for docs (vercel#26598)

* Add link to live demo already hosted (vercel#25718)

* Add link to live demo already hosted

To make it easier for people to simply see the live example without having to deploy a whole new project

* update link


Co-authored-by: JJ Kasper <jj@jjsweb.site>

* Update next/image docs for relative parent with layout=fill. (vercel#26615)

vercel#18739 (reply in thread)

* Fix GSP redirect cache error (vercel#26627)

This makes sure we don't attempt flushing cache info to disk for `getStaticProps` `redirect` items with `revalidate`

Fixes: vercel#20816

## Bug

- [x] Related issues linked using `fixes #number`
- [x] Integration tests added

* Correct statusCode when visiting _error directly (vercel#26610)

This fixes non-stop reloading when visiting `_error` directly in development caused by the `statusCode` being 200 unexpectedly while HMR returns the page as `invalid` which triggers `on-demand-entries` to reload the page. 

## Bug

- [x] Related issues linked using `fixes #number`
- [x] Integration tests added

Fixes: vercel#8036
x-ref: vercel#8033

* fix: next dynamic with jest (vercel#26614)



Fixes vercel#19862

Avoid executing `webpack` property on `loadableGenerated` of loadable component compiled from `next/dynamic` when `require.resolveWeak` is unavailable due to jest runtime missing `require.resolveWeak`.

## Bug

- [x] Related issues linked using `fixes #number`
- [x] unit tests added

* Ensure API routes are not available under the locale (vercel#26629)

This ensures API routes are not available under the locale path since API routes don't need to be localized and we don't provide the locale to the API in any way currently so the user wouldn't be aware if the localized API route was visited instead of the non-localized. 

Fixes: vercel#25790

## Bug

- [x] Related issues linked using `fixes #number`
- [x] Integration tests added

* v11.0.2-canary.3

* Fix image content type octet stream 400 (vercel#26705)

Fixes vercel#23523 by adding image content type detection

## Bug

- [x] Related issues linked using `fixes #number`
- [x] Integration tests added

* Update layouts example to persist state across client-side transitions. (vercel#26706)

* Update layouts example

* Update examples/layout-component/components/layout.js

Co-authored-by: JJ Kasper <jj@jjsweb.site>

* Fix typo on "occured" to "occurred" (vercel#26709)

* fix: typo occured -> occurred

* fix: typo occured -> occurred

* fix: typo occured -> occurred

* fix: typo occured -> occurred

* lint-fix


Co-authored-by: JJ Kasper <jj@jjsweb.site>

* [ESLint] Adds --max-warnings flag to `next lint` (vercel#26697)

Adds `--max-warnings` flag to `next lint` to enable setting of a maximum warning threshold.

Fixes vercel#26671

* update with-redux-toolkit-typescript (vercel#26714)



## Bug

- [X] Related issues linked using `fixes vercel#26713 `

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [X] Make sure the linting passes

## Screenshots

After this small change the warning disappears.
![image](https://user-images.githubusercontent.com/47717492/123749377-fd56fb80-d8d2-11eb-8b70-dbb7f6f16050.png)

* Simplify `next-dev-server` implementation (vercel#26230)

`next-dev-server` having its own implementations of `renderToHTML` and `renderErrorToHTML` has historically made reasoning about streaming hard, as it adds additional places where status codes are explicitly set and the full HTML is blocked on.

Instead, this PR simplifies things considerably by moving the majority of the custom logic for e.g. hot reloading and on-demand compilation to when we're resolving the page to be loaded, rather than upfront when handling the request. It also cleans up a few other details (e.g. default error page rendering) that managed to creep into the base implementation over time.

One unfortunate side effect is that this makes compilation errors slightly more difficult. Previously, we'd render them directly. Now, we have to rethrow them. But since they've already been logged (by the watch pipeline), we have to make sure they don't get logged again.

* Update PR labeler action

* Simplify stats action (vercel#26751)

* Move code shared between server/client to "shared" folder (vercel#26734)

* Move next-server directory files to server directory (vercel#26756)

* Move next-server directory files to server directory

* Update tests

* Update paths in other places

* Support new hydrate API in latest react 18 alpha release (vercel#26664)

* fix: react 18 new hydration API

* support react 18

* compat latest react only, fix resolved version

* fix tests

* Some changes based on reactwg/react-18#5

* fix test

Co-authored-by: Tim Neutkens <timneutkens@me.com>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>

* Disable build-output size specific tests (vercel#26769)

* Disable build-output size specific tests

* remove size-limit test

* lint-fix

* Add upstream `max-age` to optimized image (vercel#26739)

This solves the main use case from Issue vercel#19914.

Previously, we would set the `Cache-Control` header to a constant and rely on the server cache. This would mean the browser would always request the image and the server could response with 304 Not Modified to omit the response body.

This PR changes the behavior such that the `max-age` will propagate from the upstream server to the Next.js Image Optimization Server and allow browser caching. ("upstream" meaning external server or just an internal route to an image)

This PR does not change the `max-age` for static imports which will remain `public, max-age=315360000, immutable`.

#### Pros:
- Fewer HTTP requests after initial browser visit
- User configurable `max-age` via the upstream image `Cache-Control` header

#### Cons:
- ~~Might be annoying for `next dev` when modifying a source image~~ (solved: use `max-age=0` for dev)
- Might cause browser to cache longer than expected (up to 2x longer than the server cache if requested in the last second before expiration)

## Bug

- [x] Related issues linked using `fixes #number`

* Fix blurred image position when using objectPosition (vercel#26590)



## Bug

fixes vercel#26309

## Documentation / Examples

see vercel#26309

- [ ] Make sure the linting passes

* Update azure tests (vercel#26779)

* Stabilize relay-analytics test (vercel#26782)

* Leverage blocked page for _error (vercel#26748)



## Enhance

simplify detection for visiting `_error`

x-ref: vercel#26610

* Update codeowners to add new maintainers (vercel#26770)

* examples: fix typo `lunix` → `linux` (vercel#26796)



## Bug

- [ ] ~~Related issues linked using `fixes #number`~~
- [ ] ~~Integration tests added~~

## Feature

- [ ] ~~Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.~~
- [ ] ~~Related issues linked using `fixes #number`~~
- [ ] ~~Integration tests added~~
- [ ] ~~Documentation added~~
- [ ] ~~Telemetry added. In case of a feature if it's used or not.~~

## Documentation / Examples

- [x] Make sure the linting passes

* Update repo scripts to separate folder (vercel#26787)

* fix: detect loop in client error page (vercel#26567)

Co-authored-by: Tobias Koppers <tobias.koppers@googlemail.com>
Co-authored-by: Tim Neutkens <tim@timneutkens.nl>

* Update snapshot for font-optimization test (vercel#26823)

This fixes the `font-optimization` test failing from the links/content changing slightly in the snapshot. 

## Bug

- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [ ] Make sure the linting passes

* Add `onLoadingComplete()` prop to Image component (vercel#26824)

This adds a new prop, `onLoadingComplete()`, to handle the most common use case of `ref`.

I also added docs and a warning when using `ref` so we recommend the new prop instead.
 
- Fixes vercel#18398 
- Fixes vercel#22482

* Add "Vary: Accept" header to /_next/image responses (vercel#26788)

This pull request adds "Vary: Accept" header to responses from the image optimizer (i.e. the /_next/image endpoint).

The image optimizer prefers re-encoding JPG files to WebP, but some browsers (such as Safari 14 on Catalina) do not yet support WebP. In such cases the optimizer uses the Accept header sent by the browser to send out a JPG response. Thus the optimizer's response may depend on the Accept header.

Potential caching proxies can be informed of this fact by adding "Vary: Accept" to the response headers. Otherwise WebP data may be served to browsers that do not support it, for example in the following scenario:
 * A browser that supports WebP requests the JPG. The optimizer re-encodes it to WebP. The proxy caches the WebP data.
 * After this another browser that doesn't support WebP requests the JPG. The proxy sends the WebP data to the browser.

- [x] Integration tests added
- [x] Make sure the linting passes

* Fix using-preact example deps (vercel#26821)

Fix after vercel#26133

* Add additional tests for image type detection (vercel#26832)

Adding additional tests. Follow up to vercel#26705

* Fix immutable header for image with static import & unoptimized (vercel#26836)

Fixes vercel#26587

* Update `publish-canary` script to include checkout (vercel#26840)

* Update `publish-canary` script to include checkout

* Update contrib with publishing section

* v11.0.2-canary.4

* Make sure 404 pages do not get cached by a CDN when using next start (vercel#24983)

Co-authored-by: Jiachi Liu <inbox@huozhi.im>
Co-authored-by: JJ Kasper <jj@jjsweb.site>

* Update to environment-variable.md (vercel#26863)



## Bug

- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [x] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.

## Documentation / Examples

- [ ] Make sure the linting passes

## Why the change
I lost quite a few hours figuring out why my environment variable was `undefined` in the browser.
I read about the built-in support and was like: "Oh nice" and didn't read much further. I missed the part about how you need to prefix your variables with `NEXT_PUBLIC_` in order to expose them to the browser.
I think a hint to this in the anchor link to that section will make it more discoverable as it's then mentioned near the top and will save people who are like me some time and a headache.

* Don't emit duplicate image files (vercel#26843)

fixes vercel#26607

This change makes it so the image loader plugin only emits a file while processing an image import for the client. The final generated image URL was already the same in SSR and CSR anyway, so this change doesn't have any functional impact.

I also changed the name of the static page in the image component tests, since it was causing some conflicts with the static assets folder.

* Add instructions on how to add nextjs.org/docs/messages urls (vercel#26865)

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>

* Rename example folder to with-notion

* Update references of example

* Reorder docs manifest and rename to Script Optimization. (vercel#26874)

So there's _conformance_ between the other docs / optimizations.

* Fix typo on "occured" to "occurred" (vercel#26876)

- Fix typo on "occured" to "occurred"

* Update README

Co-authored-by: Sam Robbins <samrobbinsgb@gmail.com>
Co-authored-by: Jiachi Liu <inbox@huozhi.im>
Co-authored-by: Peter Mekhaeil <4616064+petermekhaeil@users.noreply.github.com>
Co-authored-by: Rob Vermeer <rob@vermeertech.nl>
Co-authored-by: JJ Kasper <jj@jjsweb.site>
Co-authored-by: Brandon Bayer <b@bayer.ws>
Co-authored-by: Alex Castle <atcastle@gmail.com>
Co-authored-by: Vitaly Baev <ping@baev.dev>
Co-authored-by: Lee Robinson <me@leerob.io>
Co-authored-by: destruc7i0n <6181960+destruc7i0n@users.noreply.github.com>
Co-authored-by: Steven <steven@ceriously.com>
Co-authored-by: Joshua Byrd <phocks@gmail.com>
Co-authored-by: Pranav P <pranavkp.me@outlook.com>
Co-authored-by: Tim Neutkens <tim@timneutkens.nl>
Co-authored-by: John <john@rackles.io>
Co-authored-by: Tim Neutkens <timneutkens@me.com>
Co-authored-by: Vadorequest <ambroise.dhenain@gmail.com>
Co-authored-by: hiro <hiro0218@gmail.com>
Co-authored-by: Houssein Djirdeh <houssein@google.com>
Co-authored-by: Soham Shah <47717492+sohamsshah@users.noreply.github.com>
Co-authored-by: Gerald Monaco <gbmonaco@google.com>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
Co-authored-by: Nils Schönwald <nils@schoen.world>
Co-authored-by: D. Kasi Pavan Kumar <44864604+kasipavankumar@users.noreply.github.com>
Co-authored-by: Tobias Koppers <tobias.koppers@googlemail.com>
Co-authored-by: Joachim Viide <jviide@iki.fi>
Co-authored-by: Artur Sedlukha <sedlukha@icloud.com>
Co-authored-by: Paul van den Dool <paulvddool@msn.com>
Co-authored-by: hiro <hiroyuki.kikuchi@zozo.com>
@balazsorban44
Copy link
Member

This issue has been automatically locked due to no recent activity. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.

@vercel vercel locked as resolved and limited conversation to collaborators Jan 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.