fix: server functions x-forwarded-host possible multiple values #73701
+84
−18
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Allow CI Workflow Run
Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer |
Netail
changed the title
Netail
force-pushed
the
fix/server-functions-x-forwarded-host
branch
from
3096cb7 to
3ea80a0
Compare
ijjk
reviewed
Dec 9, 2024
We can separate the host parsing to it's own function, then test this separately? |
|
That sounds good to me |
Netail
force-pushed
the
fix/server-functions-x-forwarded-host
branch
from
5a9f274 to
e1dffb4
Compare
|
Could this potentially be backported into v14? |
|
Sure, similar PR can be made agains the |
Stats from current PRDefault Build (Increase detected
|
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| buildDuration | 27.8s | 26s | N/A |
| buildDurationCached | 24.1s | 20.3s | N/A |
| nodeModulesSize | 409 MB | 409 MB | |
| nextStartRea..uration (ms) | 835ms | 792ms | N/A |
Client Bundles (main, webpack)
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| 1187-HASH.js gzip | 50.2 kB | 50.2 kB | N/A |
| 8276.HASH.js gzip | 169 B | 168 B | N/A |
| 8377-HASH.js gzip | 5.3 kB | 5.3 kB | N/A |
| bccd1874-HASH.js gzip | 53 kB | 53 kB | N/A |
| framework-HASH.js gzip | 57.5 kB | 57.5 kB | N/A |
| main-app-HASH.js gzip | 232 B | 235 B | N/A |
| main-HASH.js gzip | 33.8 kB | 33.7 kB | N/A |
| webpack-HASH.js gzip | 1.71 kB | 1.71 kB | N/A |
| Overall change | 0 B | 0 B | ✓ |
Legacy Client Bundles (polyfills)
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| polyfills-HASH.js gzip | 39.4 kB | 39.4 kB | ✓ |
| Overall change | 39.4 kB | 39.4 kB | ✓ |
Client Pages
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| _app-HASH.js gzip | 193 B | 193 B | ✓ |
| _error-HASH.js gzip | 193 B | 193 B | ✓ |
| amp-HASH.js gzip | 512 B | 510 B | N/A |
| css-HASH.js gzip | 343 B | 342 B | N/A |
| dynamic-HASH.js gzip | 1.84 kB | 1.84 kB | ✓ |
| edge-ssr-HASH.js gzip | 265 B | 265 B | ✓ |
| head-HASH.js gzip | 363 B | 362 B | N/A |
| hooks-HASH.js gzip | 393 B | 392 B | N/A |
| image-HASH.js gzip | 4.44 kB | 4.43 kB | N/A |
| index-HASH.js gzip | 268 B | 268 B | ✓ |
| link-HASH.js gzip | 2.35 kB | 2.34 kB | N/A |
| routerDirect..HASH.js gzip | 328 B | 328 B | ✓ |
| script-HASH.js gzip | 397 B | 397 B | ✓ |
| withRouter-HASH.js gzip | 323 B | 326 B | N/A |
| 1afbb74e6ecf..834.css gzip | 106 B | 106 B | ✓ |
| Overall change | 3.59 kB | 3.59 kB | ✓ |
Client Build Manifests
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| _buildManifest.js gzip | 747 B | 745 B | N/A |
| Overall change | 0 B | 0 B | ✓ |
Rendered Page Sizes
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| index.html gzip | 524 B | 523 B | N/A |
| link.html gzip | 538 B | 538 B | ✓ |
| withRouter.html gzip | 520 B | 520 B | ✓ |
| Overall change | 1.06 kB | 1.06 kB | ✓ |
Edge SSR bundle Size
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| edge-ssr.js gzip | 128 kB | 128 kB | N/A |
| page.js gzip | 203 kB | 203 kB | N/A |
| Overall change | 0 B | 0 B | ✓ |
Middleware size
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| middleware-b..fest.js gzip | 671 B | 668 B | N/A |
| middleware-r..fest.js gzip | 155 B | 156 B | N/A |
| middleware.js gzip | 31 kB | 31 kB | N/A |
| edge-runtime..pack.js gzip | 844 B | 844 B | ✓ |
| Overall change | 844 B | 844 B | ✓ |
Next Runtimes
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| 523-experime...dev.js gzip | 322 B | 322 B | ✓ |
| 523.runtime.dev.js gzip | 314 B | 314 B | ✓ |
| app-page-exp...dev.js gzip | 322 kB | 322 kB | N/A |
| app-page-exp..prod.js gzip | 127 kB | 127 kB | N/A |
| app-page-tur..prod.js gzip | 140 kB | 140 kB | N/A |
| app-page-tur..prod.js gzip | 135 kB | 135 kB | N/A |
| app-page.run...dev.js gzip | 312 kB | 312 kB | N/A |
| app-page.run..prod.js gzip | 122 kB | 122 kB | N/A |
| app-route-ex...dev.js gzip | 37.1 kB | 37.1 kB | ✓ |
| app-route-ex..prod.js gzip | 25.1 kB | 25.1 kB | ✓ |
| app-route-tu..prod.js gzip | 25.1 kB | 25.1 kB | ✓ |
| app-route-tu..prod.js gzip | 24.9 kB | 24.9 kB | ✓ |
| app-route.ru...dev.js gzip | 38.7 kB | 38.7 kB | ✓ |
| app-route.ru..prod.js gzip | 24.9 kB | 24.9 kB | ✓ |
| pages-api-tu..prod.js gzip | 9.56 kB | 9.56 kB | ✓ |
| pages-api.ru...dev.js gzip | 11.4 kB | 11.4 kB | ✓ |
| pages-api.ru..prod.js gzip | 9.56 kB | 9.56 kB | ✓ |
| pages-turbo...prod.js gzip | 21.3 kB | 21.3 kB | ✓ |
| pages.runtim...dev.js gzip | 27 kB | 27 kB | ✓ |
| pages.runtim..prod.js gzip | 21.3 kB | 21.3 kB | ✓ |
| server.runti..prod.js gzip | 916 kB | 916 kB | ✓ |
| Overall change | 1.19 MB | 1.19 MB | ✓ |
build cache Overall increase ⚠️
| vercel/next.js canary | Netail/next.js fix/server-functions-x-forwarded-host | Change | |
|---|---|---|---|
| 0.pack gzip | 2.03 MB | 2.04 MB | |
| index.pack gzip | 71.9 kB | 72.4 kB | |
| Overall change | 2.11 MB | 2.11 MB |
Diff details
Diff for main-HASH.js
Diff too large to display
Diff for app-page-exp..ntime.dev.js
Diff too large to display
Diff for app-page-exp..time.prod.js
Diff too large to display
Diff for app-page-tur..time.prod.js
Diff too large to display
Diff for app-page-tur..time.prod.js
Diff too large to display
Diff for app-page.runtime.dev.js
Diff too large to display
Diff for app-page.runtime.prod.js
Diff too large to display
|
|
Failing test suitesCommit: 2cf36e2
Expand output● Cleaning distDir › production mode › should clean up .next before build start ● Cleaning distDir › production mode › disabled write › should not clean up .next before build start Read more about building and testing Next.js in contributing.md.
Expand output● socket-io › should support socket.io without falling back to polling Read more about building and testing Next.js in contributing.md.
Expand output● ReactRefreshLogBox app default › server component can recover from error thrown in the module Read more about building and testing Next.js in contributing.md. |
|
Alright, so basically a Apache proxy prepends the host to the current value (comma separated), so will add that use case too https://sources.debian.org/src/apache2/2.4.62-6/modules/proxy/proxy_util.c/#L4755 |
|
Should be good to go :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The x-forwarded-host header can be an array (
string | string[] | undefined), which used to be casted tostring | undefined. So when comparing the origin vs the x-forwarded-host, it ends up comparing an array to a string. Resulting in the following error;