starred/vinext
1
0
Fork 0
mirror of https://github.com/cloudflare/vinext.git synced 2026-05-09 08:25:34 +02:00
Code Issues 101 Projects Packages Wiki Activity

[PR #817] [CLOSED] fix: apply middleware request-header overrides before App->Pages fallback #868

New issue
Closed
opened 2026-05-06 13:10:33 +02:00 by BreizhHardware · 0 comments
BreizhHardware commented 2026-05-06 13:10:33 +02:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/cloudflare/vinext/pull/817
Author: @southpolesteve
Created: 4/10/2026
Status: Closed

Base: mainHead: fix/app-pages-fallback-sees-middleware-overrides-v2

📝 Commits (2)

  • 4f016bf fix: apply middleware request-header overrides before App->Pages fallback
  • 3182d82 fix: rebuild App->Pages fallback request with middleware overrides and regen snapshots

📊 Changes

3 files changed (+43 additions, -1 deletions)

View changed files

📝 packages/vinext/src/entries/app-rsc-entry.ts (+18 -1)
📝 tests/__snapshots__/entry-templates.test.ts.snap (+6 -0)
📝 tests/app-router.test.ts (+19 -0)

📄 Description

Summary

In mixed App+Pages projects, the App Router production fallback now rebuilds the request from middleware request-header overrides before delegating to Pages SSR.

Details

Middleware request-header overrides were already applied to:

  • App page rendering
  • App Route handlers

But the App Router production fallback still delegated to renderPage() with the original Request object. That meant a Pages route reached via App->Pages fallback could still see the original Authorization / Cookie headers in getServerSideProps, even when middleware had deleted them and injected trusted replacement headers.

This change:

  • rebuilds the fallback request with buildRequestHeadersFromMiddlewareResponse() using the preserved middleware request-header payload
  • passes that rebuilt request into renderPage()
  • keeps passing the preserved middleware header payload into the existing middlewareHeaders parameter

Tests

Adds a production-only regression test verifying that /pages-header-override-delete in a mixed App+Pages project sees:

  • authorization: null
  • cookie: null
  • x-from-middleware: hello-from-middleware

before getServerSideProps runs.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/cloudflare/vinext/pull/817 **Author:** [@southpolesteve](https://github.com/southpolesteve) **Created:** 4/10/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `fix/app-pages-fallback-sees-middleware-overrides-v2` --- ### 📝 Commits (2) - [`4f016bf`](https://github.com/cloudflare/vinext/commit/4f016bf89c9a729b99e7eab3b0c0538497000123) fix: apply middleware request-header overrides before App->Pages fallback - [`3182d82`](https://github.com/cloudflare/vinext/commit/3182d82576f17f7acff5d193ddcc39a746805663) fix: rebuild App->Pages fallback request with middleware overrides and regen snapshots ### 📊 Changes **3 files changed** (+43 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `packages/vinext/src/entries/app-rsc-entry.ts` (+18 -1) 📝 `tests/__snapshots__/entry-templates.test.ts.snap` (+6 -0) 📝 `tests/app-router.test.ts` (+19 -0) </details> ### 📄 Description ## Summary In mixed App+Pages projects, the App Router production fallback now rebuilds the request from middleware request-header overrides before delegating to Pages SSR. ## Details Middleware request-header overrides were already applied to: - App page rendering - App Route handlers But the App Router production fallback still delegated to `renderPage()` with the original `Request` object. That meant a Pages route reached via App->Pages fallback could still see the original `Authorization` / `Cookie` headers in `getServerSideProps`, even when middleware had deleted them and injected trusted replacement headers. This change: - rebuilds the fallback request with `buildRequestHeadersFromMiddlewareResponse()` using the preserved middleware request-header payload - passes that rebuilt request into `renderPage()` - keeps passing the preserved middleware header payload into the existing `middlewareHeaders` parameter ## Tests Adds a production-only regression test verifying that `/pages-header-override-delete` in a mixed App+Pages project sees: - `authorization: null` - `cookie: null` - `x-from-middleware: hello-from-middleware` before `getServerSideProps` runs. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
BreizhHardware 2026-05-06 13:10:33 +02:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
alt/prerender-rsc-sidechannel
codex/pages-router-suite-main
claude/dev-socket-emit-patch
james/wip-agent-test
codex/fix-wrangler-suspense-streaming
hrushikesh/add-semgrep-oss-workflow
fix/preload-link-header-uses-served-url
fix/isr-always-mark-dynamic-with-searchparams
fix/strip-set-cookie-from-app-route-isr-cache-clean
fix/app-pages-fallback-sees-middleware-overrides-v2
opencode/misty-river
opencode/calm-meadow
codex/pages-router-cjs-node-modules
codex/refresh-ai-docs-vp-vite8
fix/suspense-flash-navigation-639
fix/issue-589
fix/route-handler-dynamic-detection-v3
fix/route-handler-dynamic-detection-v2
fix/route-handler-dynamic-detection
opencode/quiet-nebula
fix/include-query-in-route-handler-isr-key
fix/block-dangerous-uri-schemes
fix/use-post-middleware-context-for-headers
opencode/playful-mountain
opencode/quiet-sailor
feat/payload-cms-fixture
feat/static-prerender-build
opencode/cosmic-knight
fix/isr-stream-tee-no-double-render
codex/wrangler-auth-ux
docs/update-contributing
improve/vitest-workspace-split
feat/auto-pr-review
docs/skills-field-learnings
feat/nuqs-e2e-clean
feat/next-font-implementation
fix/rsc-navigation-credentials
chonky-list
fix/cli-version
ci/commit-version-bump
ci/publish-chat-notification
opencode/mighty-mountain
fix/rsc-optimizedeps-react-server
v0.0.49
v0.0.48
v0.0.47
v0.0.46
v0.0.45
v0.0.44
v0.0.43
v0.0.42
v0.0.41
v0.0.40
v0.0.39
v0.0.38
v0.0.37
v0.0.36
v0.0.35
v0.0.34
v0.0.33
v0.0.32
v0.0.31
v0.0.30
v0.0.29
v0.0.28
v0.0.27
v0.0.26
v0.0.25
v0.0.24
v0.0.23
v0.0.22
v0.0.21
v0.0.20
v0.0.19
v0.0.18
v0.0.17
v0.0.16
v0.0.15
v0.0.14
v0.0.13
v0.0.12
v0.0.11
v0.0.10
v0.0.9
v0.0.8
v0.0.7
v0.0.6
Labels
Clear labels   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
nextjs-tracking

   
nextjs-tracking

   
pull-request
Mirrored from GitHub Pull Request

No labels
enhancement
enhancement
good first issue
help wanted
nextjs-tracking
nextjs-tracking
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vinext#868
No description provided.