[PR #111] [MERGED] fix: fetch cache key generation — handle all body types, include all headers minus blocklist #319

New issue

Closed

opened 2026-05-06 12:39:10 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented 2026-05-06 12:39:10 +02:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/cloudflare/vinext/pull/111
Author: @threepointone
Created: 2/26/2026
Status: ✅ Merged
Merged: 2/26/2026
Merged by: @threepointone

Base: main ← Head: fix/fetch-cache-key-generation

---

📝 Commits (3)

• b420216 fix: fetch cache key generation — handle all body types, include all headers minus blocklist
• 84a5ca7 Improve fetch cache key generation
• 3d5c73d PR #111 approved. 52 tests pass, 3 fixes correct.

📊 Changes

3 files changed (+871 additions, -266 deletions)

View changed files

📝 packages/vinext/src/shims/fetch-cache.ts (+163 -56)
📝 tests/fetch-cache.test.ts (+414 -8)
📝 tests/fixtures/pages-basic/dist/server/entry.js (+294 -202)

📄 Description

Summary

Fixes two bugs in the fetch cache key generation and adds a third bug fix discovered during review.

Bug 1: Binary/FormData bodies ignored in cache key

buildFetchCacheKey only handled string bodies. Requests with Uint8Array, ReadableStream, FormData, Blob, or URLSearchParams bodies all produced the same cache key regardless of body content — causing incorrect cache hits.

Fix: serializeBody() now handles all BodyInit types. buildFetchCacheKey is now async to support stream/blob consumption.

Bug 2: Header inclusion strategy inverted vs Next.js

We used an allowlist of 3 auth headers (authorization, cookie, x-api-key). Next.js uses a blocklist (traceparent, tracestate) and includes everything else. This meant headers like Accept, Accept-Language, and custom headers were ignored — different requests could incorrectly share cache entries.

Fix: Switched to blocklist approach matching Next.js. All headers are now included in the cache key except W3C trace context headers.

Bug 3: Consumed stream body sent to network (found during review)

After serializeBody consumed a ReadableStream body for cache key generation, the spent stream was still passed to originalFetch(). The reconstructed body (_ogBody) was stashed but never restored.

Fix: stripNextFromInit now restores _ogBody as the body before passing to originalFetch.

Additional improvements

• Cache key includes mode, redirect, credentials, referrer, referrerPolicy, integrity, cache from RequestInit
• Key is SHA-256 hashed (matching Next.js) with CACHE_KEY_PREFIX = "v1" for future cache-busting
• URLSearchParams handled separately from FormData (different APIs)

Tests

19 new tests (52 total):

• 7 body type cache key tests (string, Uint8Array, Blob, FormData, ReadableStream)
• 6 header inclusion tests (Accept, custom headers, trace header exclusion, order independence)
• 4 body restoration tests (verify originalFetch gets usable body after key generation)
• 2 URLSearchParams tests

Not breaking

All changes are internal. Public API unchanged. Only user-visible effect: one-time cold cache after upgrade (new key format).

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/cloudflare/vinext/pull/111 **Author:** [@threepointone](https://github.com/threepointone) **Created:** 2/26/2026 **Status:** ✅ Merged **Merged:** 2/26/2026 **Merged by:** [@threepointone](https://github.com/threepointone) **Base:** `main` ← **Head:** `fix/fetch-cache-key-generation` --- ### 📝 Commits (3) - [`b420216`](https://github.com/cloudflare/vinext/commit/b42021660302940268da26b3fd7500ccc76e55c0) fix: fetch cache key generation — handle all body types, include all headers minus blocklist - [`84a5ca7`](https://github.com/cloudflare/vinext/commit/84a5ca76f7250b7995bf87d39532b4e8943b8fd3) Improve fetch cache key generation - [`3d5c73d`](https://github.com/cloudflare/vinext/commit/3d5c73d4eb014bd37b74af23871660955abc8091) PR #111 approved. 52 tests pass, 3 fixes correct. ### 📊 Changes **3 files changed** (+871 additions, -266 deletions) <details> <summary>View changed files</summary> 📝 `packages/vinext/src/shims/fetch-cache.ts` (+163 -56) 📝 `tests/fetch-cache.test.ts` (+414 -8) 📝 `tests/fixtures/pages-basic/dist/server/entry.js` (+294 -202) </details> ### 📄 Description ## Summary Fixes two bugs in the fetch cache key generation and adds a third bug fix discovered during review. ### Bug 1: Binary/FormData bodies ignored in cache key `buildFetchCacheKey` only handled `string` bodies. Requests with `Uint8Array`, `ReadableStream`, `FormData`, `Blob`, or `URLSearchParams` bodies all produced the same cache key regardless of body content — causing incorrect cache hits. **Fix:** `serializeBody()` now handles all `BodyInit` types. `buildFetchCacheKey` is now async to support stream/blob consumption. ### Bug 2: Header inclusion strategy inverted vs Next.js We used an **allowlist** of 3 auth headers (`authorization`, `cookie`, `x-api-key`). Next.js uses a **blocklist** (`traceparent`, `tracestate`) and includes everything else. This meant headers like `Accept`, `Accept-Language`, and custom headers were ignored — different requests could incorrectly share cache entries. **Fix:** Switched to blocklist approach matching Next.js. All headers are now included in the cache key except W3C trace context headers. ### Bug 3: Consumed stream body sent to network (found during review) After `serializeBody` consumed a `ReadableStream` body for cache key generation, the spent stream was still passed to `originalFetch()`. The reconstructed body (`_ogBody`) was stashed but never restored. **Fix:** `stripNextFromInit` now restores `_ogBody` as the body before passing to `originalFetch`. ### Additional improvements - Cache key includes `mode`, `redirect`, `credentials`, `referrer`, `referrerPolicy`, `integrity`, `cache` from `RequestInit` - Key is SHA-256 hashed (matching Next.js) with `CACHE_KEY_PREFIX = "v1"` for future cache-busting - `URLSearchParams` handled separately from `FormData` (different APIs) ### Tests 19 new tests (52 total): - 7 body type cache key tests (string, Uint8Array, Blob, FormData, ReadableStream) - 6 header inclusion tests (Accept, custom headers, trace header exclusion, order independence) - 4 body restoration tests (verify `originalFetch` gets usable body after key generation) - 2 URLSearchParams tests ### Not breaking All changes are internal. Public API unchanged. Only user-visible effect: one-time cold cache after upgrade (new key format). --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

BreizhHardware 2026-05-06 12:39:10 +02:00

• closed this issue
• added the
  pull-request
  label

BreizhHardware referenced this issue 2026-05-06 13:08:16 +02:00

[PR #319] [MERGED] test: add unit tests for next/document shim #475

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

alt/prerender-rsc-sidechannel

codex/pages-router-suite-main

claude/dev-socket-emit-patch

james/wip-agent-test

codex/fix-wrangler-suspense-streaming

hrushikesh/add-semgrep-oss-workflow

fix/preload-link-header-uses-served-url

fix/isr-always-mark-dynamic-with-searchparams

fix/strip-set-cookie-from-app-route-isr-cache-clean

fix/app-pages-fallback-sees-middleware-overrides-v2

opencode/misty-river

opencode/calm-meadow

codex/pages-router-cjs-node-modules

codex/refresh-ai-docs-vp-vite8

fix/suspense-flash-navigation-639

fix/issue-589

fix/route-handler-dynamic-detection-v3

fix/route-handler-dynamic-detection-v2

fix/route-handler-dynamic-detection

opencode/quiet-nebula

fix/include-query-in-route-handler-isr-key

fix/block-dangerous-uri-schemes

fix/use-post-middleware-context-for-headers

opencode/playful-mountain

opencode/quiet-sailor

feat/payload-cms-fixture

feat/static-prerender-build

opencode/cosmic-knight

fix/isr-stream-tee-no-double-render

codex/wrangler-auth-ux

docs/update-contributing

improve/vitest-workspace-split

feat/auto-pr-review

docs/skills-field-learnings

feat/nuqs-e2e-clean

feat/next-font-implementation

fix/rsc-navigation-credentials

chonky-list

fix/cli-version

ci/commit-version-bump

ci/publish-chat-notification

opencode/mighty-mountain

fix/rsc-optimizedeps-react-server

v0.0.49

v0.0.48

v0.0.47

v0.0.46

v0.0.45

v0.0.44

v0.0.43

v0.0.42

v0.0.41

v0.0.40

v0.0.39

v0.0.38

v0.0.37

v0.0.36

v0.0.35

v0.0.34

v0.0.33

v0.0.32

v0.0.31

v0.0.30

v0.0.29

v0.0.28

v0.0.27

v0.0.26

v0.0.25

v0.0.24

v0.0.23

v0.0.22

v0.0.21

v0.0.20

v0.0.19

v0.0.18

v0.0.17

v0.0.16

v0.0.15

v0.0.14

v0.0.13

v0.0.12

v0.0.11

v0.0.10

v0.0.9

v0.0.8

v0.0.7

v0.0.6

Labels

Clear labels   

enhancement

  

enhancement

  

good first issue

  

help wanted

  

nextjs-tracking

  

nextjs-tracking

  

pull-request

Mirrored from GitHub Pull Request

No labels

enhancement

enhancement

good first issue

help wanted

nextjs-tracking

nextjs-tracking

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vinext#319

No description provided.