refactor(app-rsc): extract response finalisation into server/app-rsc-response-finalizer

[NathanDrake2406]

Based on #1034

What this changes

Extracts the App Router response finalisation step from an inline template string in the generated handler() function into a dedicated typed module: server/app-rsc-response-finalizer.ts.

The extracted module owns:

• Skipping 3xx redirect responses. Response.redirect() creates immutable Headers that throw TypeError: Cannot modify immutable headers on write. Next.js also excludes config headers from redirects.
• Segment-wise pathname normalisation before pattern matching (decode + collapse).
• basePath stripping at a segment boundary before matching config header sources.
• Applying matched config headers via applyConfigHeadersToResponse without overwriting middleware-set headers.

The generated entry is reduced to a single delegation call.

Why

Every response variant (page, route handler, server action, metadata, not-found) passes through handler(). The shared finalisation logic lived in a template string with no direct tests and no reuse path. Per the architecture rule: codegen describes app shape; normal modules implement behaviour.

Bug fixed in the same change: the inline basePath strip used pathname.startsWith(basePath), which is a string-prefix match. /app2/page with basePath=/app would be incorrectly stripped to /2/page, potentially causing wrong config headers to apply. stripBasePath() enforces a path-separator boundary.

Refs #1020.

Approach

New module imports from existing typed helpers only:

• applyConfigHeadersToResponse from server/request-pipeline.ts (source)
• stripBasePath from utils/base-path.ts for segment-boundary correctness
• normalizePath + normalizePathnameForRouteMatch for pathname normalisation

Generated entry drops two imports (applyConfigHeadersToResponse, normalizePathnameForRouteMatch) that are now internal to the helper.

Validation

New test file tests/app-rsc-response-finalizer.test.ts — 10 tests covering:

• Header applied to 200 response
• configHeaders: [] is a no-op (returns same response object)
• Source pattern miss leaves response untouched
• Immutable 307 (Response.redirect()) does not throw
• Mutable 308 response does not get config headers applied
• basePath stripped before source matching
• basePath segment-boundary correctness (regression for the startsWith bug)
• Nested basePath stripped correctly
• has-condition match applies header
• has-condition miss skips header

Entry template snapshot updated automatically by pre-commit hook. vp check clean.

Risks / follow-ups

• mergeMiddlewareResponseHeaders in the plain-text 404 path inside _handleRequest is not yet moved; that path is simpler and lower risk. Can be a follow-up if desired.
• The module currently has one caller (the generated App Router entry). The Pages Router production server (server/prod-server.ts) has its own header finalisation path that is separately out of scope for this PR.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/vinext@1035

commit: d5e9b24

[james-elicx]

/bigbonk review

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[ask-bonk]

Clean extraction that follows the established pattern of moving runtime behavior out of generated entry templates into typed, testable modules. Verified all 10 tests pass, the modified app-router snapshot test passes, and no dangling references remain from removed imports.

The basePath segment-boundary bug fix (startsWith -> stripBasePath) is a real correctness improvement — good catch.

One minor observation below (not blocking).

[ask-bonk]

The old inline code had a null guard: if (response && response.headers && ...). This extraction drops it, typing response as Response (non-nullable).

I verified this is correct — _handleRequest has exhaustive return paths and always returns a Response. The old guard was defensive coding in untyped generated JS, and the typed module properly eliminates it.

Just noting for posterity that this was checked.

[ask-bonk]

Nit: the comment on line 50 mentions normalizePathnameForRouteMatchStrict but the function called here is normalizePathnameForRouteMatch (non-strict). The strict variant is used earlier in the request pipeline for the 400 response. The comment is accurate about why the catch is safe (the strict check already ran), but the naming mismatch could confuse a future reader skimming this file.

Consider:

Suggested change

	pathname = normalizePath(normalizePathnameForRouteMatch(url.pathname));
	pathname = normalizePath(normalizePathnameForRouteMatch(url.pathname));
	} catch {
	// Malformed percent-encoding. The earlier request normalisation step
	// (normalizePathnameForRouteMatchStrict in app-rsc-request-normalization)
	// already returned 400 for truly-malformed paths. This catch exists as a
	// safety net for edge cases; keep the historical raw-path fallback rather
	// than crashing the response.

[ask-bonk]

Review submitted with approval. Here's a summary of what I found:

Approved. This is a well-executed extraction that moves response finalisation logic from an inline template string in the generated RSC entry into a dedicated typed module (server/app-rsc-response-finalizer.ts), following the architecture guideline that generated code should be thin glue while normal modules implement behavior.

Key findings:

• The basePath segment-boundary bug fix (startsWith -> stripBasePath) is a real correctness improvement — the old code would incorrectly strip /app from /app2/page
• The removal of the response && response.headers null guard is safe — I verified that _handleRequest has exhaustive return paths and always returns a Response
• All 10 new tests pass, the modified snapshot test passes, and no dangling references remain from the removed imports
• One minor suggestion: the catch comment references normalizePathnameForRouteMatchStrict by name but the function called is normalizePathnameForRouteMatch — a small clarification would help future readers

github run