@netlify/plugin-nextjs 4.29.5-appdir.0 → 4.30.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@netlify/plugin-nextjs",
-  "version": "4.29.5-appdir.0",
+  "version": "4.30.0",
   "description": "Run Next.js seamlessly on Netlify",
   "main": "index.js",
   "files": [
@@ -12,8 +12,8 @@
   ],
   "dependencies": {
     "@netlify/esbuild": "0.14.39",
-    "@netlify/functions": "^1.3.0",
-    "@netlify/ipx": "^1.3.2",
+    "@netlify/functions": "^1.4.0",
+    "@netlify/ipx": "^1.3.3",
     "@vercel/node-bridge": "^2.1.0",
     "chalk": "^4.1.2",
     "destr": "^1.1.1",
@@ -36,7 +36,7 @@
   },
   "devDependencies": {
     "@delucis/if-env": "^1.1.2",
-    "@netlify/build": "^29.3.0",
+    "@netlify/build": "^29.4.1",
     "@types/fs-extra": "^9.0.13",
     "@types/jest": "^27.4.1",
     "@types/merge-stream": "^1.1.2",

package/src/templates/edge-shared/utils.test.ts

@@ -0,0 +1,64 @@
+import { assertEquals } from 'https://deno.land/std@0.167.0/testing/asserts.ts'
+import { beforeEach, describe, it } from 'https://deno.land/std@0.167.0/testing/bdd.ts'
+import { updateModifiedHeaders, FetchEventResult } from './utils.ts'
+
+describe('updateModifiedHeaders', () => {
+  it("does not modify the headers if 'x-middleware-override-headers' is not found", () => {
+    const mockHeaders = new Headers()
+    // There shouldn't be a case where x-middleware-override-headers is not set and a header has
+    // been modified with 'x-middleware-request' added to it, this is more to confirm the test case
+    mockHeaders.set('x-middleware-request-foo', 'bar')
+
+    const mockResponse = {
+      headers: mockHeaders,
+    }
+
+    const mockRequest = {
+      headers: new Headers(),
+    }
+
+    updateModifiedHeaders(mockRequest.headers, mockResponse.headers)
+
+    assertEquals(mockRequest.headers.get('x-middleware-request-foo'), null)
+  })
+
+  describe("when the 'x-middleware-override-headers' headers is present", () => {
+    let mockHeaders
+    let mockRequest: { headers: Headers }
+    let mockResponse: { headers: Headers }
+
+    beforeEach(() => {
+      mockHeaders = new Headers()
+      mockHeaders.set('foo', 'bar')
+      mockHeaders.set('x-middleware-request-hello', 'world')
+      mockHeaders.set('x-middleware-request-test', '123')
+      mockHeaders.set('x-middleware-override-headers', 'hello,test')
+
+      mockRequest = {
+        headers: new Headers(),
+      }
+
+      mockResponse = {
+        headers: mockHeaders,
+      }
+
+      updateModifiedHeaders(mockRequest.headers, mockResponse.headers)
+    })
+
+    it("does not modify or add headers that are missing 'x-middleware-request' in the name", () => {
+      assertEquals(mockRequest.headers.get('foo'), null)
+    })
+
+    it("removes 'x-middleware-request-' from headers", () => {
+      assertEquals(mockRequest.headers.get('x-middleware-request-hello'), null)
+      assertEquals(mockRequest.headers.get('x-middleware-request-test'), null)
+
+      assertEquals(mockRequest.headers.get('hello'), 'world')
+      assertEquals(mockRequest.headers.get('test'), '123')
+    })
+
+    it("removes 'x-middleware-override-headers' after cleaning headers", () => {
+      assertEquals(mockRequest.headers.get('x-middleware-override-headers'), null)
+    })
+  })
+})

package/src/templates/edge-shared/utils.ts

@@ -31,8 +31,13 @@ export const addMiddlewareHeaders = async (
   // We need to await the response to get the origin headers, then we can add the ones from middleware.
   const res = await originResponse
   const response = new Response(res.body, res)
+  const originCookies = response.headers.get('set-cookie')
   middlewareResponse.headers.forEach((value, key) => {
     response.headers.set(key, value)
+    // Append origin cookies after middleware cookies
+    if (key === 'set-cookie' && originCookies) {
+      response.headers.append(key, originCookies)
+    }
   })
   return response
 }
@@ -59,6 +64,32 @@ function isMiddlewareResponse(response: Response | MiddlewareResponse): response
   return 'dataTransforms' in response
 }
 
+// Next 13 supports request header mutations and has the side effect of prepending header values with 'x-middleware-request'
+// as part of invoking NextResponse.next() in the middleware. We need to remove that before sending the response the user
+// as the code that removes it in Next isn't run based on how we handle the middleware
+//
+// Related Next.js code:
+// * https://github.com/vercel/next.js/blob/68d06fe015b28d8f81da52ca107a5f4bd72ab37c/packages/next/server/next-server.ts#L1918-L1928
+// * https://github.com/vercel/next.js/blob/43c9d8940dc42337dd2f7d66aa90e6abf952278e/packages/next/server/web/spec-extension/response.ts#L10-L27
+export function updateModifiedHeaders(requestHeaders: Headers, responseHeaders: Headers) {
+  const overriddenHeaders = responseHeaders.get('x-middleware-override-headers')
+
+  if (!overriddenHeaders) {
+    return
+  }
+
+  const headersToUpdate = overriddenHeaders.split(',').map((header) => header.trim())
+
+  for (const header of headersToUpdate) {
+    const oldHeaderKey = 'x-middleware-request-' + header
+    const headerValue = responseHeaders.get(oldHeaderKey) || ''
+
+    requestHeaders.set(header, headerValue)
+    responseHeaders.delete(oldHeaderKey)
+  }
+  responseHeaders.delete('x-middleware-override-headers')
+}
+
 export const buildResponse = async ({
   result,
   request,
@@ -68,6 +99,8 @@ export const buildResponse = async ({
   request: Request
   context: Context
 }) => {
+  updateModifiedHeaders(request.headers, result.response.headers)
+
   // They've returned the MiddlewareRequest directly, so we'll call `next()` for them.
   if (isMiddlewareRequest(result.response)) {
     result.response = await result.response.next()