starred/vinext
1
0
Fork 0
mirror of https://github.com/cloudflare/vinext.git synced 2026-05-09 00:09:23 +02:00
Code Issues 101 Projects Packages Wiki Activity

[PR #887] fix(shims): skip body copy for GET/HEAD in NextRequest constructor #919

New issue
Open
opened 2026-05-06 13:10:50 +02:00 by BreizhHardware · 0 comments
BreizhHardware commented 2026-05-06 13:10:50 +02:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/cloudflare/vinext/pull/887
Author: @agm151515
Created: 4/24/2026
Status: 🔄 Open

Base: mainHead: fix/nextrequest-skip-body-for-get-head

📝 Commits (1)

  • dc04a22 fix(shims): skip body copy for GET/HEAD in NextRequest constructor

📊 Changes

2 files changed (+48 additions, -3 deletions)

View changed files

📝 packages/vinext/src/shims/server.ts (+7 -3)
📝 tests/shims.test.ts (+41 -0)

📄 Description

Summary

When NextRequest is constructed from an existing Request, its
constructor forwards body: req.body to super() unconditionally.
The Fetch spec (and workerd) throw
TypeError: Request with a GET or HEAD method cannot have a body.
whenever init.body is non-null and the method is GET/HEAD.

In Cloudflare Workers, incoming GET/HEAD requests expose
request.body as a non-null ReadableStream whenever the request
carries Content-Length or Transfer-Encoding framing. That happens
in the wild — e.g. some email image-proxy fetchers of tracking pixels
send GET with a Content-Length header — so the proxy/middleware
block in the generated RSC entry throws on every affected request,
logs [vinext] Middleware error: TypeError: …, and returns 500.

Reproduced via wrangler dev --local against a minimal worker:

GET / (normal, no framing)         → request.body === null,  NextRequest OK
GET / Content-Length: 5, body=hi   → request.body === stream, NextRequest THREW
HEAD / Transfer-Encoding: chunked  → request.body === stream, NextRequest THREW

Fix gates body/duplex behind a method check. Behavior for
POST/PUT/PATCH/DELETE etc. is unchanged.

Test plan

  • New regression test in tests/shims.test.ts reproduces the bug
    in Node (by overriding body on a normal Request via
    Object.defineProperty) — fails before the fix, passes after.
  • Existing NextRequest tests still pass (pnpm test:unit -t NextRequest → 21 passed).
  • Full unit suite passes (pnpm test:unit → 2971/2971).
  • pnpm fmt:check and pnpm lint clean on modified files.

Downstream context for maintainers: this was observed in production on
scoregap.com with vinext 0.0.43. Filed locally as GitHub issue #35 in
our app repo. Happy to adjust style/commit-msg to match project
conventions.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/cloudflare/vinext/pull/887 **Author:** [@agm151515](https://github.com/agm151515) **Created:** 4/24/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `fix/nextrequest-skip-body-for-get-head` --- ### 📝 Commits (1) - [`dc04a22`](https://github.com/cloudflare/vinext/commit/dc04a22ad5fbc0d93b81551def3e7abd4f27d344) fix(shims): skip body copy for GET/HEAD in NextRequest constructor ### 📊 Changes **2 files changed** (+48 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `packages/vinext/src/shims/server.ts` (+7 -3) 📝 `tests/shims.test.ts` (+41 -0) </details> ### 📄 Description ## Summary When `NextRequest` is constructed from an existing `Request`, its constructor forwards `body: req.body` to `super()` unconditionally. The Fetch spec (and workerd) throw `TypeError: Request with a GET or HEAD method cannot have a body.` whenever `init.body` is non-null and the method is `GET`/`HEAD`. In Cloudflare Workers, incoming `GET`/`HEAD` requests expose `request.body` as a **non-null** `ReadableStream` whenever the request carries `Content-Length` or `Transfer-Encoding` framing. That happens in the wild — e.g. some email image-proxy fetchers of tracking pixels send `GET` with a `Content-Length` header — so the proxy/middleware block in the generated RSC entry throws on every affected request, logs `[vinext] Middleware error: TypeError: …`, and returns 500. Reproduced via `wrangler dev --local` against a minimal worker: ``` GET / (normal, no framing) → request.body === null, NextRequest OK GET / Content-Length: 5, body=hi → request.body === stream, NextRequest THREW HEAD / Transfer-Encoding: chunked → request.body === stream, NextRequest THREW ``` Fix gates `body`/`duplex` behind a method check. Behavior for `POST`/`PUT`/`PATCH`/`DELETE` etc. is unchanged. ## Test plan - [x] New regression test in `tests/shims.test.ts` reproduces the bug in Node (by overriding `body` on a normal Request via `Object.defineProperty`) — fails before the fix, passes after. - [x] Existing `NextRequest` tests still pass (`pnpm test:unit -t NextRequest` → 21 passed). - [x] Full unit suite passes (`pnpm test:unit` → 2971/2971). - [x] `pnpm fmt:check` and `pnpm lint` clean on modified files. Downstream context for maintainers: this was observed in production on scoregap.com with vinext 0.0.43. Filed locally as GitHub issue #35 in our app repo. Happy to adjust style/commit-msg to match project conventions. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
alt/prerender-rsc-sidechannel
codex/pages-router-suite-main
claude/dev-socket-emit-patch
james/wip-agent-test
codex/fix-wrangler-suspense-streaming
hrushikesh/add-semgrep-oss-workflow
fix/preload-link-header-uses-served-url
fix/isr-always-mark-dynamic-with-searchparams
fix/strip-set-cookie-from-app-route-isr-cache-clean
fix/app-pages-fallback-sees-middleware-overrides-v2
opencode/misty-river
opencode/calm-meadow
codex/pages-router-cjs-node-modules
codex/refresh-ai-docs-vp-vite8
fix/suspense-flash-navigation-639
fix/issue-589
fix/route-handler-dynamic-detection-v3
fix/route-handler-dynamic-detection-v2
fix/route-handler-dynamic-detection
opencode/quiet-nebula
fix/include-query-in-route-handler-isr-key
fix/block-dangerous-uri-schemes
fix/use-post-middleware-context-for-headers
opencode/playful-mountain
opencode/quiet-sailor
feat/payload-cms-fixture
feat/static-prerender-build
opencode/cosmic-knight
fix/isr-stream-tee-no-double-render
codex/wrangler-auth-ux
docs/update-contributing
improve/vitest-workspace-split
feat/auto-pr-review
docs/skills-field-learnings
feat/nuqs-e2e-clean
feat/next-font-implementation
fix/rsc-navigation-credentials
chonky-list
fix/cli-version
ci/commit-version-bump
ci/publish-chat-notification
opencode/mighty-mountain
fix/rsc-optimizedeps-react-server
v0.0.49
v0.0.48
v0.0.47
v0.0.46
v0.0.45
v0.0.44
v0.0.43
v0.0.42
v0.0.41
v0.0.40
v0.0.39
v0.0.38
v0.0.37
v0.0.36
v0.0.35
v0.0.34
v0.0.33
v0.0.32
v0.0.31
v0.0.30
v0.0.29
v0.0.28
v0.0.27
v0.0.26
v0.0.25
v0.0.24
v0.0.23
v0.0.22
v0.0.21
v0.0.20
v0.0.19
v0.0.18
v0.0.17
v0.0.16
v0.0.15
v0.0.14
v0.0.13
v0.0.12
v0.0.11
v0.0.10
v0.0.9
v0.0.8
v0.0.7
v0.0.6
Labels
Clear labels   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
nextjs-tracking

   
nextjs-tracking

   
pull-request
Mirrored from GitHub Pull Request

No labels
enhancement
enhancement
good first issue
help wanted
nextjs-tracking
nextjs-tracking
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vinext#919
No description provided.