Custom HTTP headers, set by the headers
key in next.config.js
or utilized by the NextResponse
API in middleware.ts
, are absent in Fastly.
Node version: 20.9.0
- Clone this repo
- Install dependencies:
npm install && npm install @fastly/next-compute-js@alpha
- Run in dev mode:
npm run dev
- Open Chrome DevTools in Google Chrome and click the Network tab
- Go to http://localhost:3000
- Click on the localhost entry in the Network Log table. You will notice that the custom headers, X-Hello-From-Middleware and X-Hello-From-Next-Config, are present in the 'Response Headers' section under the 'Headers' tab.
- Run in production mode:
npm run build && npm run start
- Custom HTTP header's are still present
- Run with Fastly:
npm run fastly-serve
- Go to http://localhost:7676 and notice that the custom HTTP headers are absent
Without custom headers, one cannot implement HTTP security headers to protect against a range of common web application vulnerabilities.