Incorrect X-Forwarded-Proto header #52266

@alphabeat

Verify canary release

  • I verified that the issue exists in the latest Next.js canary release

Provide environment information

Operating System:
  Platform: darwin
  Arch: arm64
  Version: Darwin Kernel Version 22.5.0: Thu Jun  8 22:22:19 PDT 2023; root:xnu-8796.121.3~7/RELEASE_ARM64_T8103
Binaries:
  Node: 16.20.0
  npm: 8.19.4
  Yarn: 1.22.19
  pnpm: N/A
Relevant packages:
  next: 13.4.7
  eslint-config-next: 13.4.7
  react: 18.2.0
  react-dom: 18.2.0
  typescript: 4.9.5

Which area(s) of Next.js are affected? (leave empty if unsure)

No response

Link to the code that reproduces this issue or a replay of the bug

https://github.com/alphabeat/infinite-loop-middleware

To Reproduce

Use this middleware in a production environment:

import { NextRequest, NextResponse } from 'next/server';

export function middleware(req: NextRequest) {
    if (process.env.NODE_ENV === 'production' && req.headers.get('x-forwarded-proto') !== 'https') {
        return NextResponse.redirect(`https://${req.headers.get('host')}${req.nextUrl.pathname}`, 301);
    }

    return NextResponse.next();
}

Describe the Bug

The X-Forwarded-Proto header never equals https as expected: Next.js returns http,http or https,http. This creates an infinite loop and ends up with an ERR_TOO_MANY_REDIRECTS error in production.

Expected Behavior

The X-Forwarded-Proto header should either return http or https as described in the MDN docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto

Which browser are you using? (if relevant)

No response

How are you deploying your application? (if relevant)

Heroku
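
Added example, not part of the original report and not Next.js code: it models why an exact comparison against 'https' loops when the header arrives as a comma-separated list, next to a check that reads the list per hop. All function names are hypothetical, the header values are constructed from the ones quoted in the report, and it assumes the edge proxy sets the leftmost value itself (if the edge only appends, the leftmost value is client-supplied and must not be trusted).

```typescript
// true => the middleware would answer with a redirect to https
type Decide = (xfp: string | null) => boolean;

// The check from the report: exact comparison against a single value.
const naiveNeedsRedirect: Decide = (xfp) => xfp !== 'https';

// Split the header into per-hop values, trimmed and lower-cased.
function forwardedProtoHops(xfp: string | null): string[] {
  if (!xfp) return [];
  return xfp
    .split(',')
    .map((v) => v.trim().toLowerCase())
    .filter((v) => v.length > 0);
}

// Assumption: the leftmost hop is written by the trusted edge proxy and
// later hops only append. A missing header still redirects, as before.
const tolerantNeedsRedirect: Decide = (xfp) =>
  forwardedProtoHops(xfp)[0] !== 'https';

// Constructed model of what the middleware sees per the report:
// the client-facing scheme followed by an appended ",http".
function headerSeenByApp(clientScheme: 'http' | 'https'): string {
  return `${clientScheme},http`;
}

// Follow redirects the way a browser would, starting from plain http.
// Returns the number of redirects taken, capped at maxRedirects.
function countRedirects(decide: Decide, maxRedirects = 20): number {
  let scheme: 'http' | 'https' = 'http';
  let redirects = 0;
  while (redirects < maxRedirects && decide(headerSeenByApp(scheme))) {
    scheme = 'https'; // the redirect target is always https
    redirects++;
  }
  return redirects;
}
```

The naive check never sees a bare 'https' and exhausts the redirect cap, which is what the browser reports as ERR_TOO_MANY_REDIRECTS; the per-hop check stops after the single http-to-https redirect.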
