Skip to content

feat: add static function middleware support of basepath #5970

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+3 −1
Open

feat: add static function middleware support of basepath #5970

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion packages/start-static-server-functions/src/staticFunctionMiddleware.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,9 @@ const fetchItem = async ({

let result: any = staticClientCache?.get(url)

result = await fetch(url, {
const basePath = process.env.TSS_ROUTER_BASEPATH!
const prefixedUrl = path.join(basePath, url)
result = await fetch(prefixedUrl, {
Comment on lines +119 to +121
Copy link
Contributor

@coderabbitai coderabbitai bot Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Use proper URL construction instead of path.join(), and validate the environment variable.

There are several critical issues with this implementation:

  1. Incorrect API: path.join() is for filesystem paths, not URLs. It has OS-specific behavior (e.g., Windows uses backslashes) and doesn't handle URL semantics correctly.

  2. Missing validation: The non-null assertion on process.env.TSS_ROUTER_BASEPATH will cause a runtime error if the variable is undefined, and path.join(undefined, url) will fail.

  3. Type safety: This violates TypeScript strict mode guidelines by using non-null assertion without validation.

Apply this diff to fix the URL construction and add proper validation:

- const basePath = process.env.TSS_ROUTER_BASEPATH!
- const prefixedUrl = path.join(basePath, url)
- result = await fetch(prefixedUrl, {
+ const basePath = process.env.TSS_ROUTER_BASEPATH || ''
+ const prefixedUrl = basePath
+   ? `${basePath.replace(/\/$/, '')}${url}`
+   : url
+ result = await fetch(prefixedUrl, {

Alternatively, if you need more robust URL handling:

- const basePath = process.env.TSS_ROUTER_BASEPATH!
- const prefixedUrl = path.join(basePath, url)
- result = await fetch(prefixedUrl, {
+ const basePath = process.env.TSS_ROUTER_BASEPATH || ''
+ const prefixedUrl = basePath
+   ? new URL(url, new URL(basePath, 'http://dummy')).pathname
+   : url
+ result = await fetch(prefixedUrl, {
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
const basePath = process.env.TSS_ROUTER_BASEPATH!
const prefixedUrl = path.join(basePath, url)
result = await fetch(prefixedUrl, {
const basePath = process.env.TSS_ROUTER_BASEPATH || ''
const prefixedUrl = basePath
? `${basePath.replace(/\/$/, '')}${url}`
: url
result = await fetch(prefixedUrl, {
🤖 Prompt for AI Agents 
In packages/start-static-server-functions/src/staticFunctionMiddleware.ts around
lines 119 to 121, the code wrongly uses path.join and non-null assertion for
building the fetch URL; validate that process.env.TSS_ROUTER_BASEPATH is defined
(throw or return a clear error if not), construct the URL using the WHATWG URL
API (e.g., new URL(url, base) or url.resolve equivalent) to correctly combine
base and relative paths, and remove the non-null assertion so TypeScript
enforces the runtime check; ensure the resulting string passed to fetch is a
fully-qualified URL.

method: 'GET',
})
.then((r) => r.json())
Expand Down
Loading