-
Notifications
You must be signed in to change notification settings - Fork 26.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: handle multiple x-forwarded-proto
headers
#58824
fix: handle multiple x-forwarded-proto
headers
#58824
Conversation
Hey @Jonas-PFX can you add a fix for this one too please ? #59031 |
done 🙂 |
Still the same issue in latest stable version 14.0.4 |
what is update on this? when you can merge it? its really a big issue |
Yeah its a big problem for me too. I was hoping it would be faster, but the PR is still awaiting review. |
I have the same issue, i'm stuck in 14.0.1 , cannot upgrade it to latest version, hopefully they will fix it in next stable version :( |
temp solution: create express js app ` const app = express(); app.use('/', createProxyMiddleware({ app.listen(8080, () => { |
This issue is breaking the production and we are unable to migrate from v13.5.6 to v14.0.4. @Jonas-PFX I have a small suggestion regarding the changes. So, we can add the changes done by you directly in I am also attaching the screenshots for debugging the issue in the code for NextJS 14.0.4 - |
This comment was marked as off-topic.
This comment was marked as off-topic.
Stats from current PRDefault BuildGeneral Overall increase
|
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
buildDuration | 19.9s | 19.7s | N/A |
buildDurationCached | 8.6s | 6.9s | N/A |
nodeModulesSize | 196 MB | 196 MB | |
nextStartRea..uration (ms) | 425ms | 442ms | N/A |
Client Bundles (main, webpack)
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
1068-HASH.js gzip | 30 kB | 30 kB | N/A |
3f784ff6-HASH.js gzip | 53.5 kB | 53.5 kB | N/A |
4944-HASH.js gzip | 4.96 kB | 4.96 kB | N/A |
8423.HASH.js gzip | 181 B | 181 B | ✓ |
framework-HASH.js gzip | 45.2 kB | 45.2 kB | ✓ |
main-app-HASH.js gzip | 241 B | 242 B | N/A |
main-HASH.js gzip | 32 kB | 32 kB | N/A |
webpack-HASH.js gzip | 1.7 kB | 1.7 kB | ✓ |
Overall change | 47.1 kB | 47.1 kB | ✓ |
Legacy Client Bundles (polyfills)
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
polyfills-HASH.js gzip | 31 kB | 31 kB | ✓ |
Overall change | 31 kB | 31 kB | ✓ |
Client Pages
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
_app-HASH.js gzip | 196 B | 196 B | ✓ |
_error-HASH.js gzip | 184 B | 183 B | N/A |
amp-HASH.js gzip | 503 B | 504 B | N/A |
css-HASH.js gzip | 323 B | 324 B | N/A |
dynamic-HASH.js gzip | 2.5 kB | 2.51 kB | N/A |
edge-ssr-HASH.js gzip | 258 B | 259 B | N/A |
head-HASH.js gzip | 353 B | 351 B | N/A |
hooks-HASH.js gzip | 370 B | 370 B | ✓ |
image-HASH.js gzip | 4.21 kB | 4.2 kB | N/A |
index-HASH.js gzip | 259 B | 259 B | ✓ |
link-HASH.js gzip | 2.68 kB | 2.67 kB | N/A |
routerDirect..HASH.js gzip | 313 B | 314 B | N/A |
script-HASH.js gzip | 386 B | 385 B | N/A |
withRouter-HASH.js gzip | 309 B | 311 B | N/A |
1afbb74e6ecf..834.css gzip | 106 B | 106 B | ✓ |
Overall change | 931 B | 931 B | ✓ |
Client Build Manifests
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
_buildManifest.js gzip | 485 B | 484 B | N/A |
Overall change | 0 B | 0 B | ✓ |
Rendered Page Sizes
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
index.html gzip | 529 B | 527 B | N/A |
link.html gzip | 541 B | 540 B | N/A |
withRouter.html gzip | 525 B | 522 B | N/A |
Overall change | 0 B | 0 B | ✓ |
Edge SSR bundle Size
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
edge-ssr.js gzip | 94.4 kB | 94.4 kB | N/A |
page.js gzip | 151 kB | 151 kB | N/A |
Overall change | 0 B | 0 B | ✓ |
Middleware size
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
middleware-b..fest.js gzip | 625 B | 626 B | N/A |
middleware-r..fest.js gzip | 151 B | 151 B | ✓ |
middleware.js gzip | 44.4 kB | 44.4 kB | ✓ |
edge-runtime..pack.js gzip | 1.94 kB | 1.94 kB | ✓ |
Overall change | 46.5 kB | 46.5 kB | ✓ |
Next Runtimes
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
app-page-exp...dev.js gzip | 166 kB | 166 kB | ✓ |
app-page-exp..prod.js gzip | 95.5 kB | 95.5 kB | ✓ |
app-page-tur..prod.js gzip | 97.2 kB | 97.2 kB | ✓ |
app-page-tur..prod.js gzip | 91.7 kB | 91.7 kB | ✓ |
app-page.run...dev.js gzip | 136 kB | 136 kB | ✓ |
app-page.run..prod.js gzip | 90.2 kB | 90.2 kB | ✓ |
app-route-ex...dev.js gzip | 22 kB | 22 kB | ✓ |
app-route-ex..prod.js gzip | 14.9 kB | 14.9 kB | ✓ |
app-route-tu..prod.js gzip | 14.9 kB | 14.9 kB | ✓ |
app-route-tu..prod.js gzip | 14.6 kB | 14.6 kB | ✓ |
app-route.ru...dev.js gzip | 21.7 kB | 21.7 kB | ✓ |
app-route.ru..prod.js gzip | 14.6 kB | 14.6 kB | ✓ |
pages-api-tu..prod.js gzip | 9.43 kB | 9.43 kB | ✓ |
pages-api.ru...dev.js gzip | 9.7 kB | 9.7 kB | ✓ |
pages-api.ru..prod.js gzip | 9.43 kB | 9.43 kB | ✓ |
pages-turbo...prod.js gzip | 22 kB | 22 kB | ✓ |
pages.runtim...dev.js gzip | 22.7 kB | 22.7 kB | ✓ |
pages.runtim..prod.js gzip | 22 kB | 22 kB | ✓ |
server.runti..prod.js gzip | 50 kB | 50 kB | N/A |
Overall change | 875 kB | 875 kB | ✓ |
build cache
vercel/next.js canary | Jonas-PFX/next.js protocol-bug-with-multiple-headers | Change | |
---|---|---|---|
0.pack gzip | 1.55 MB | 1.55 MB | N/A |
index.pack gzip | 104 kB | 104 kB | N/A |
Overall change | 0 B | 0 B | ✓ |
Diff details
Diff for server.runtime.prod.js
Diff too large to display
expect(res.status).toBe(200) | ||
|
||
const headers = await res.json() | ||
expect(headers['x-forwarded-proto']).toBe('https, https') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@balazsorban44 Just confirming if this value should be just 'https' or 'https, https'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume we don't want to modify the original header value, we just want to set the correct protocol for the server.
The behavior is not new in this PR, it just now supports passing a concatenated value as x-forwarded-proto
, without causing a 400 response
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the explanation 👍
Tests Passed |
x-forwarded-proto
headers
Thanks a lot @balazsorban44 🥇 |
What?
This PR changes how protocol is determined.
A change was recently made (in PR 57815) that did not take into account cases where there are multiple
x-forwarded-proto
headers. In such cases, the protocol becomes e.g "https, https".Why?
An error will occur in parseUrl on line 1616, since its not a valid url (e.g.
https, https://localhost:3000
).How?
Reverted part of the changes in PR 57815.
Fixes #58764 and fixes #59031
Closes NEXT-2437