npm - vinext - Versions diffs - 0.0.46 → 0.0.48 - Mend

vinext 0.0.46 → 0.0.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (351) hide show

package/README.md +8 -6
package/dist/build/layout-classification.js +3 -1
package/dist/build/layout-classification.js.map +1 -1
package/dist/build/prerender.d.ts +2 -1
package/dist/build/prerender.js +80 -24
package/dist/build/prerender.js.map +1 -1
package/dist/build/report.d.ts +9 -5
package/dist/build/report.js +17 -7
package/dist/build/report.js.map +1 -1
package/dist/build/route-classification-injector.d.ts +35 -0
package/dist/build/route-classification-injector.js +61 -0
package/dist/build/route-classification-injector.js.map +1 -0
package/dist/build/route-classification-manifest.d.ts +1 -1
package/dist/build/run-prerender.d.ts +5 -0
package/dist/build/run-prerender.js +4 -1
package/dist/build/run-prerender.js.map +1 -1
package/dist/build/server-manifest.js +2 -7
package/dist/build/server-manifest.js.map +1 -1
package/dist/build/standalone.js +3 -5
package/dist/build/standalone.js.map +1 -1
package/dist/build/static-export.d.ts +1 -1
package/dist/check.js +45 -29
package/dist/check.js.map +1 -1
package/dist/cli-args.d.ts +33 -0
package/dist/cli-args.js +121 -0
package/dist/cli-args.js.map +1 -0
package/dist/cli.js +11 -20
package/dist/cli.js.map +1 -1
package/dist/cloudflare/kv-cache-handler.js +29 -9
package/dist/cloudflare/kv-cache-handler.js.map +1 -1
package/dist/config/config-matchers.js +46 -37
package/dist/config/config-matchers.js.map +1 -1
package/dist/config/next-config.d.ts +4 -2
package/dist/config/next-config.js +3 -0
package/dist/config/next-config.js.map +1 -1
package/dist/deploy.d.ts +18 -2
package/dist/deploy.js +47 -4
package/dist/deploy.js.map +1 -1
package/dist/entries/app-rsc-entry.d.ts +4 -3
package/dist/entries/app-rsc-entry.js +379 -858
package/dist/entries/app-rsc-entry.js.map +1 -1
package/dist/entries/app-rsc-manifest.d.ts +1 -1
package/dist/entries/app-rsc-manifest.js +6 -1
package/dist/entries/app-rsc-manifest.js.map +1 -1
package/dist/entries/pages-client-entry.js +3 -2
package/dist/entries/pages-client-entry.js.map +1 -1
package/dist/entries/pages-server-entry.js +19 -61
package/dist/entries/pages-server-entry.js.map +1 -1
package/dist/entries/runtime-entry-module.d.ts +12 -3
package/dist/entries/runtime-entry-module.js +15 -4
package/dist/entries/runtime-entry-module.js.map +1 -1
package/dist/index.js +40 -58
package/dist/index.js.map +1 -1
package/dist/plugins/fonts.js +54 -32
package/dist/plugins/fonts.js.map +1 -1
package/dist/plugins/og-assets.js +15 -16
package/dist/plugins/og-assets.js.map +1 -1
package/dist/plugins/rsc-client-shim-excludes.d.ts +2 -1
package/dist/plugins/rsc-client-shim-excludes.js +11 -1
package/dist/plugins/rsc-client-shim-excludes.js.map +1 -1
package/dist/routing/app-route-graph.d.ts +195 -0
package/dist/routing/app-route-graph.js +1022 -0
package/dist/routing/app-route-graph.js.map +1 -0
package/dist/routing/app-router.d.ts +14 -88
package/dist/routing/app-router.js +21 -712
package/dist/routing/app-router.js.map +1 -1
package/dist/routing/file-matcher.d.ts +3 -1
package/dist/routing/file-matcher.js +6 -1
package/dist/routing/file-matcher.js.map +1 -1
package/dist/routing/pages-router.js +10 -19
package/dist/routing/pages-router.js.map +1 -1
package/dist/routing/route-matching.d.ts +28 -0
package/dist/routing/route-matching.js +44 -0
package/dist/routing/route-matching.js.map +1 -0
package/dist/routing/route-pattern.js +4 -1
package/dist/routing/route-pattern.js.map +1 -1
package/dist/routing/route-trie.d.ts +8 -0
package/dist/routing/route-trie.js +12 -1
package/dist/routing/route-trie.js.map +1 -1
package/dist/routing/route-validation.js +3 -4
package/dist/routing/route-validation.js.map +1 -1
package/dist/routing/utils.d.ts +8 -1
package/dist/routing/utils.js +25 -2
package/dist/routing/utils.js.map +1 -1
package/dist/server/app-browser-entry.js +145 -294
package/dist/server/app-browser-entry.js.map +1 -1
package/dist/server/app-browser-error.d.ts +3 -4
package/dist/server/app-browser-error.js +8 -4
package/dist/server/app-browser-error.js.map +1 -1
package/dist/server/app-browser-navigation-controller.d.ts +75 -0
package/dist/server/app-browser-navigation-controller.js +290 -0
package/dist/server/app-browser-navigation-controller.js.map +1 -0
package/dist/server/app-browser-state.d.ts +33 -15
package/dist/server/app-browser-state.js +52 -59
package/dist/server/app-browser-state.js.map +1 -1
package/dist/server/app-browser-visible-commit.d.ts +68 -0
package/dist/server/app-browser-visible-commit.js +182 -0
package/dist/server/app-browser-visible-commit.js.map +1 -0
package/dist/server/app-client-reference-preloader.d.ts +15 -0
package/dist/server/app-client-reference-preloader.js +46 -0
package/dist/server/app-client-reference-preloader.js.map +1 -0
package/dist/server/app-elements-wire.d.ts +130 -0
package/dist/server/app-elements-wire.js +205 -0
package/dist/server/app-elements-wire.js.map +1 -0
package/dist/server/app-elements.d.ts +2 -84
package/dist/server/app-elements.js +4 -107
package/dist/server/app-elements.js.map +1 -1
package/dist/server/app-fallback-renderer.d.ts +57 -0
package/dist/server/app-fallback-renderer.js +79 -0
package/dist/server/app-fallback-renderer.js.map +1 -0
package/dist/server/app-hook-warning-suppression.d.ts +7 -0
package/dist/server/app-hook-warning-suppression.js +12 -0
package/dist/server/app-hook-warning-suppression.js.map +1 -0
package/dist/server/app-middleware.d.ts +2 -1
package/dist/server/app-middleware.js +34 -11
package/dist/server/app-middleware.js.map +1 -1
package/dist/server/app-mounted-slots-header.d.ts +17 -0
package/dist/server/app-mounted-slots-header.js +21 -0
package/dist/server/app-mounted-slots-header.js.map +1 -0
package/dist/server/app-page-boundary-render.d.ts +3 -3
package/dist/server/app-page-boundary-render.js +8 -5
package/dist/server/app-page-boundary-render.js.map +1 -1
package/dist/server/app-page-boundary.js +2 -1
package/dist/server/app-page-boundary.js.map +1 -1
package/dist/server/app-page-cache.d.ts +19 -4
package/dist/server/app-page-cache.js +60 -22
package/dist/server/app-page-cache.js.map +1 -1
package/dist/server/app-page-dispatch.d.ts +9 -5
package/dist/server/app-page-dispatch.js +41 -17
package/dist/server/app-page-dispatch.js.map +1 -1
package/dist/server/app-page-element-builder.d.ts +61 -0
package/dist/server/app-page-element-builder.js +142 -0
package/dist/server/app-page-element-builder.js.map +1 -0
package/dist/server/app-page-execution.d.ts +23 -5
package/dist/server/app-page-execution.js +39 -24
package/dist/server/app-page-execution.js.map +1 -1
package/dist/server/app-page-head.js +2 -1
package/dist/server/app-page-head.js.map +1 -1
package/dist/server/app-page-method.js +2 -5
package/dist/server/app-page-method.js.map +1 -1
package/dist/server/app-page-params.d.ts +2 -1
package/dist/server/app-page-params.js +3 -3
package/dist/server/app-page-params.js.map +1 -1
package/dist/server/app-page-probe.d.ts +1 -1
package/dist/server/app-page-probe.js +5 -1
package/dist/server/app-page-probe.js.map +1 -1
package/dist/server/app-page-render.d.ts +6 -2
package/dist/server/app-page-render.js +118 -30
package/dist/server/app-page-render.js.map +1 -1
package/dist/server/app-page-request.d.ts +19 -5
package/dist/server/app-page-request.js +49 -7
package/dist/server/app-page-request.js.map +1 -1
package/dist/server/app-page-response.d.ts +1 -0
package/dist/server/app-page-response.js +6 -9
package/dist/server/app-page-response.js.map +1 -1
package/dist/server/app-page-route-wiring.d.ts +20 -4
package/dist/server/app-page-route-wiring.js +15 -12
package/dist/server/app-page-route-wiring.js.map +1 -1
package/dist/server/app-page-stream.d.ts +7 -0
package/dist/server/app-page-stream.js +9 -2
package/dist/server/app-page-stream.js.map +1 -1
package/dist/server/app-post-middleware-context.d.ts +16 -0
package/dist/server/app-post-middleware-context.js +28 -0
package/dist/server/app-post-middleware-context.js.map +1 -0
package/dist/server/app-prerender-endpoints.js +3 -2
package/dist/server/app-prerender-endpoints.js.map +1 -1
package/dist/server/app-request-context.d.ts +22 -0
package/dist/server/app-request-context.js +30 -0
package/dist/server/app-request-context.js.map +1 -0
package/dist/server/app-route-handler-cache.d.ts +1 -0
package/dist/server/app-route-handler-cache.js +7 -2
package/dist/server/app-route-handler-cache.js.map +1 -1
package/dist/server/app-route-handler-dispatch.d.ts +1 -0
package/dist/server/app-route-handler-dispatch.js +8 -5
package/dist/server/app-route-handler-dispatch.js.map +1 -1
package/dist/server/app-route-handler-execution.d.ts +2 -1
package/dist/server/app-route-handler-execution.js +2 -2
package/dist/server/app-route-handler-execution.js.map +1 -1
package/dist/server/app-route-handler-policy.js +13 -13
package/dist/server/app-route-handler-policy.js.map +1 -1
package/dist/server/app-route-handler-response.d.ts +4 -2
package/dist/server/app-route-handler-response.js +9 -7
package/dist/server/app-route-handler-response.js.map +1 -1
package/dist/server/app-route-handler-runtime.d.ts +9 -1
package/dist/server/app-route-handler-runtime.js +11 -1
package/dist/server/app-route-handler-runtime.js.map +1 -1
package/dist/server/app-router-entry.js +9 -4
package/dist/server/app-router-entry.js.map +1 -1
package/dist/server/app-rsc-cache-busting.d.ts +34 -0
package/dist/server/app-rsc-cache-busting.js +137 -0
package/dist/server/app-rsc-cache-busting.js.map +1 -0
package/dist/server/app-rsc-error-handler.d.ts +21 -0
package/dist/server/app-rsc-error-handler.js +30 -0
package/dist/server/app-rsc-error-handler.js.map +1 -0
package/dist/server/app-rsc-handler.d.ts +117 -0
package/dist/server/app-rsc-handler.js +271 -0
package/dist/server/app-rsc-handler.js.map +1 -0
package/dist/server/app-rsc-request-normalization.d.ts +42 -0
package/dist/server/app-rsc-request-normalization.js +67 -0
package/dist/server/app-rsc-request-normalization.js.map +1 -0
package/dist/server/app-rsc-response-finalizer.d.ts +30 -0
package/dist/server/app-rsc-response-finalizer.js +38 -0
package/dist/server/app-rsc-response-finalizer.js.map +1 -0
package/dist/server/app-rsc-route-matching.js +8 -4
package/dist/server/app-rsc-route-matching.js.map +1 -1
package/dist/server/app-segment-config.d.ts +33 -0
package/dist/server/app-segment-config.js +90 -0
package/dist/server/app-segment-config.js.map +1 -0
package/dist/server/app-server-action-execution.d.ts +2 -0
package/dist/server/app-server-action-execution.js +45 -51
package/dist/server/app-server-action-execution.js.map +1 -1
package/dist/server/app-ssr-entry.js +21 -20
package/dist/server/app-ssr-entry.js.map +1 -1
package/dist/server/artifact-compatibility.d.ts +44 -0
package/dist/server/artifact-compatibility.js +82 -0
package/dist/server/artifact-compatibility.js.map +1 -0
package/dist/server/cache-control.d.ts +24 -0
package/dist/server/cache-control.js +33 -0
package/dist/server/cache-control.js.map +1 -0
package/dist/server/cache-proof.d.ts +200 -0
package/dist/server/cache-proof.js +342 -0
package/dist/server/cache-proof.js.map +1 -0
package/dist/server/dev-error-overlay-store.d.ts +23 -0
package/dist/server/dev-error-overlay-store.js +67 -0
package/dist/server/dev-error-overlay-store.js.map +1 -0
package/dist/server/dev-error-overlay.d.ts +15 -0
package/dist/server/dev-error-overlay.js +548 -0
package/dist/server/dev-error-overlay.js.map +1 -0
package/dist/server/dev-origin-check.js +8 -4
package/dist/server/dev-origin-check.js.map +1 -1
package/dist/server/dev-server.js +1 -6
package/dist/server/dev-server.js.map +1 -1
package/dist/server/http-error-responses.d.ts +67 -0
package/dist/server/http-error-responses.js +77 -0
package/dist/server/http-error-responses.js.map +1 -0
package/dist/server/image-optimization.js +2 -1
package/dist/server/image-optimization.js.map +1 -1
package/dist/server/instrumentation-runtime.d.ts +44 -0
package/dist/server/instrumentation-runtime.js +29 -0
package/dist/server/instrumentation-runtime.js.map +1 -0
package/dist/server/isr-cache.d.ts +2 -7
package/dist/server/isr-cache.js +7 -10
package/dist/server/isr-cache.js.map +1 -1
package/dist/server/metadata-route-response.js +6 -5
package/dist/server/metadata-route-response.js.map +1 -1
package/dist/server/metadata-routes.d.ts +1 -0
package/dist/server/metadata-routes.js +6 -0
package/dist/server/metadata-routes.js.map +1 -1
package/dist/server/middleware-matcher.js +2 -2
package/dist/server/middleware-matcher.js.map +1 -1
package/dist/server/middleware-response-headers.js +21 -0
package/dist/server/middleware-response-headers.js.map +1 -1
package/dist/server/middleware-runtime.js +3 -3
package/dist/server/middleware-runtime.js.map +1 -1
package/dist/server/navigation-trace.d.ts +33 -0
package/dist/server/navigation-trace.js +35 -0
package/dist/server/navigation-trace.js.map +1 -0
package/dist/server/next-error-digest.d.ts +44 -0
package/dist/server/next-error-digest.js +40 -0
package/dist/server/next-error-digest.js.map +1 -0
package/dist/server/pages-api-route.js +2 -1
package/dist/server/pages-api-route.js.map +1 -1
package/dist/server/pages-node-compat.js +4 -16
package/dist/server/pages-node-compat.js.map +1 -1
package/dist/server/pages-page-data.d.ts +2 -1
package/dist/server/pages-page-data.js +6 -5
package/dist/server/pages-page-data.js.map +1 -1
package/dist/server/pages-page-response.d.ts +3 -8
package/dist/server/pages-page-response.js +46 -15
package/dist/server/pages-page-response.js.map +1 -1
package/dist/server/prod-server.d.ts +6 -0
package/dist/server/prod-server.js +28 -21
package/dist/server/prod-server.js.map +1 -1
package/dist/server/request-pipeline.d.ts +42 -1
package/dist/server/request-pipeline.js +97 -17
package/dist/server/request-pipeline.js.map +1 -1
package/dist/server/rsc-stream-hints.d.ts +3 -1
package/dist/server/rsc-stream-hints.js +4 -1
package/dist/server/rsc-stream-hints.js.map +1 -1
package/dist/server/seed-cache.js +19 -8
package/dist/server/seed-cache.js.map +1 -1
package/dist/shims/cache-runtime.d.ts +2 -2
package/dist/shims/cache-runtime.js +31 -17
package/dist/shims/cache-runtime.js.map +1 -1
package/dist/shims/cache.d.ts +15 -3
package/dist/shims/cache.js +45 -20
package/dist/shims/cache.js.map +1 -1
package/dist/shims/error-boundary.d.ts +17 -1
package/dist/shims/error-boundary.js +31 -1
package/dist/shims/error-boundary.js.map +1 -1
package/dist/shims/fetch-cache.d.ts +4 -1
package/dist/shims/fetch-cache.js +57 -16
package/dist/shims/fetch-cache.js.map +1 -1
package/dist/shims/head-state.js +2 -3
package/dist/shims/head-state.js.map +1 -1
package/dist/shims/headers.js +4 -44
package/dist/shims/headers.js.map +1 -1
package/dist/shims/i18n-state.js +2 -3
package/dist/shims/i18n-state.js.map +1 -1
package/dist/shims/image.js +93 -5
package/dist/shims/image.js.map +1 -1
package/dist/shims/internal/als-registry.d.ts +15 -0
package/dist/shims/internal/als-registry.js +55 -0
package/dist/shims/internal/als-registry.js.map +1 -0
package/dist/shims/internal/cookie-serialize.d.ts +46 -0
package/dist/shims/internal/cookie-serialize.js +51 -0
package/dist/shims/internal/cookie-serialize.js.map +1 -0
package/dist/shims/link.js +31 -26
package/dist/shims/link.js.map +1 -1
package/dist/shims/metadata.d.ts +26 -1
package/dist/shims/metadata.js +94 -4
package/dist/shims/metadata.js.map +1 -1
package/dist/shims/navigation-state.js +2 -3
package/dist/shims/navigation-state.js.map +1 -1
package/dist/shims/navigation.d.ts +2 -7
package/dist/shims/navigation.js +44 -36
package/dist/shims/navigation.js.map +1 -1
package/dist/shims/request-context.js +2 -4
package/dist/shims/request-context.js.map +1 -1
package/dist/shims/request-state-types.d.ts +1 -1
package/dist/shims/router-state.js +2 -3
package/dist/shims/router-state.js.map +1 -1
package/dist/shims/router.js +2 -2
package/dist/shims/router.js.map +1 -1
package/dist/shims/server.js +5 -30
package/dist/shims/server.js.map +1 -1
package/dist/shims/slot.d.ts +1 -1
package/dist/shims/slot.js +5 -4
package/dist/shims/slot.js.map +1 -1
package/dist/shims/thenable-params.d.ts +5 -2
package/dist/shims/thenable-params.js +26 -6
package/dist/shims/thenable-params.js.map +1 -1
package/dist/shims/unified-request-context.d.ts +1 -1
package/dist/shims/unified-request-context.js +3 -14
package/dist/shims/unified-request-context.js.map +1 -1
package/dist/shims/use-merged-ref.d.ts +7 -0
package/dist/shims/use-merged-ref.js +40 -0
package/dist/shims/use-merged-ref.js.map +1 -0
package/dist/utils/base-path.d.ts +7 -1
package/dist/utils/base-path.js +12 -1
package/dist/utils/base-path.js.map +1 -1
package/dist/utils/cache-control-metadata.d.ts +6 -0
package/dist/utils/cache-control-metadata.js +16 -0
package/dist/utils/cache-control-metadata.js.map +1 -0
package/dist/utils/safe-json-file.d.ts +18 -0
package/dist/utils/safe-json-file.js +25 -0
package/dist/utils/safe-json-file.js.map +1 -0
package/dist/utils/text-stream.d.ts +29 -0
package/dist/utils/text-stream.js +66 -0
package/dist/utils/text-stream.js.map +1 -0
package/package.json +5 -5

package/dist/server/app-rsc-handler.d.ts ADDED Viewed

@@ -0,0 +1,117 @@
+import { NextHeader, NextI18nConfig, NextRedirect, NextRewrite } from "../config/next-config.js";
+import { MiddlewareModule } from "./middleware-runtime.js";
+import { AppMiddlewareContext } from "./app-middleware.js";
+import { handleAppPrerenderEndpoint } from "./app-prerender-endpoints.js";
+import { handleMetadataRouteRequest } from "./metadata-route-response.js";
+//#region src/server/app-rsc-handler.d.ts
+type AppPageParams = Record<string, string | string[]>;
+type MetadataRoutes = Parameters<typeof handleMetadataRouteRequest>[0]["metadataRoutes"];
+type MakeThenableParams = Parameters<typeof handleMetadataRouteRequest>[0]["makeThenableParams"];
+type StaticParamsMap = Parameters<typeof handleAppPrerenderEndpoint>[1]["staticParamsMap"];
+type RootParamNamesMap = Parameters<typeof handleAppPrerenderEndpoint>[1]["rootParamNamesByPattern"];
+type AppRscMiddlewareContext = AppMiddlewareContext;
+type AppRscHandlerRoute = {
+  page?: unknown;
+  pattern: string;
+  rootParamNames?: readonly string[];
+  routeHandler?: unknown;
+  routeSegments: readonly string[];
+};
+type AppRscRouteMatch<TRoute> = {
+  params: AppPageParams;
+  route: TRoute;
+};
+type DispatchMatchedPageOptions<TRoute> = {
+  cleanPathname: string;
+  handlerStart: number;
+  interceptionContext: string | null;
+  isRscRequest: boolean;
+  middlewareContext: AppRscMiddlewareContext;
+  mountedSlotsHeader: string | null;
+  params: AppPageParams;
+  request: Request;
+  route: TRoute;
+  scriptNonce?: string;
+  searchParams: URLSearchParams;
+};
+type DispatchMatchedRouteHandlerOptions<TRoute> = {
+  cleanPathname: string;
+  middlewareContext: AppRscMiddlewareContext;
+  params: AppPageParams;
+  request: Request;
+  route: TRoute;
+  searchParams: URLSearchParams;
+};
+type HandleProgressiveActionRequestOptions = {
+  actionId: string | null;
+  cleanPathname: string;
+  contentType: string;
+  middlewareContext: AppRscMiddlewareContext;
+  request: Request;
+};
+type HandleServerActionRequestOptions = {
+  actionId: string | null;
+  cleanPathname: string;
+  contentType: string;
+  interceptionContext: string | null;
+  isRscRequest: boolean;
+  middlewareContext: AppRscMiddlewareContext;
+  mountedSlotsHeader: string | null;
+  request: Request;
+  searchParams: URLSearchParams;
+};
+type RenderNotFoundOptions<TRoute> = {
+  isRscRequest: boolean;
+  matchedParams?: AppPageParams;
+  middlewareContext: AppRscMiddlewareContext;
+  request: Request;
+  route: TRoute | null;
+  scriptNonce?: string;
+};
+type RenderPagesFallbackOptions = {
+  isRscRequest: boolean;
+  middlewareContext: AppRscMiddlewareContext;
+  request: Request;
+  url: URL;
+};
+type NavigationContextValue = {
+  params: AppPageParams;
+  pathname: string;
+  searchParams: URLSearchParams;
+};
+type CreateAppRscHandlerOptions<TRoute extends AppRscHandlerRoute> = {
+  basePath: string;
+  clearRequestContext: () => void;
+  configHeaders: NextHeader[];
+  configRedirects: NextRedirect[];
+  configRewrites: {
+    afterFiles: NextRewrite[];
+    beforeFiles: NextRewrite[];
+    fallback: NextRewrite[];
+  };
+  dispatchMatchedPage: (options: DispatchMatchedPageOptions<TRoute>) => Promise<Response>;
+  dispatchMatchedRouteHandler: (options: DispatchMatchedRouteHandlerOptions<TRoute>) => Promise<Response>;
+  ensureInstrumentation?: () => Promise<void>;
+  handleProgressiveActionRequest: (options: HandleProgressiveActionRequestOptions) => Promise<Response | null>;
+  handleServerActionRequest: (options: HandleServerActionRequestOptions) => Promise<Response | null>;
+  i18nConfig: NextI18nConfig | null;
+  isMiddlewareProxy: boolean;
+  loadPrerenderPagesRoutes?: () => Promise<unknown>;
+  makeThenableParams: MakeThenableParams;
+  matchRoute: (pathname: string) => AppRscRouteMatch<TRoute> | null;
+  metadataRoutes: MetadataRoutes;
+  middlewareModule: MiddlewareModule | null;
+  publicFiles: ReadonlySet<string>;
+  renderNotFound: (options: RenderNotFoundOptions<TRoute>) => Promise<Response | null>;
+  renderPagesFallback?: (options: RenderPagesFallbackOptions) => Promise<Response | null>;
+  rootParamNamesByPattern?: RootParamNamesMap;
+  setNavigationContext: (context: NavigationContextValue) => void;
+  staticParamsMap: StaticParamsMap;
+  trailingSlash: boolean;
+  validateDevRequestOrigin?: (request: Request) => Response | null;
+};
+declare function createAppRscHandler<TRoute extends AppRscHandlerRoute>(options: CreateAppRscHandlerOptions<TRoute>): (request: Request, ctx: unknown) => Promise<Response>;
+//#endregion
+export { createAppRscHandler };
+//# sourceMappingURL=app-rsc-handler.d.ts.map

package/dist/server/app-rsc-handler.js ADDED Viewed

@@ -0,0 +1,271 @@
+import { createRequestContext, runWithRequestContext } from "../shims/unified-request-context.js";
+import { hasBasePath } from "../utils/base-path.js";
+import { getRequestExecutionContext } from "../shims/request-context.js";
+import { isExternalUrl, matchRedirect, matchRewrite, proxyExternalRequest, requestContextFromRequest, sanitizeDestination } from "../config/config-matchers.js";
+import { notFoundResponse } from "./http-error-responses.js";
+import { cloneRequestWithHeaders, filterInternalHeaders, normalizeTrailingSlash, resolvePublicFileRoute, validateImageUrl } from "./request-pipeline.js";
+import { headersContextFromRequest } from "../shims/headers.js";
+import { ensureFetchPatch, setCurrentFetchSoftTags } from "../shims/fetch-cache.js";
+import { createRscRedirectLocation, resolveInvalidRscCacheBustingRequest, stripRscCacheBustingSearchParam, stripRscSuffix } from "./app-rsc-cache-busting.js";
+import { getScriptNonceFromHeaderSources } from "./csp.js";
+import { mergeMiddlewareResponseHeaders } from "./middleware-response-headers.js";
+import { applyAppMiddleware } from "./app-middleware.js";
+import "./app-page-response.js";
+import { buildPageCacheTags } from "./implicit-tags.js";
+import { buildPostMwRequestContext } from "./app-post-middleware-context.js";
+import { pickRootParams, setRootParams } from "../shims/root-params.js";
+import { handleAppPrerenderEndpoint } from "./app-prerender-endpoints.js";
+import { flattenErrorCauses } from "../utils/error-cause.js";
+import { finalizeAppRscResponse } from "./app-rsc-response-finalizer.js";
+import { normalizeRscRequest } from "./app-rsc-request-normalization.js";
+import { handleMetadataRouteRequest } from "./metadata-route-response.js";
+import { runWithPrerenderWorkUnit } from "./prerender-work-unit-setup.js";
+//#region src/server/app-rsc-handler.ts
+function hasProperty(value, key) {
+	return key in value;
+}
+function isExecutionContextLike(value) {
+	if (!value || typeof value !== "object") return false;
+	return hasProperty(value, "waitUntil") && typeof value.waitUntil === "function";
+}
+function redirectDestinationWithBasePath(destination, basePath) {
+	if (!basePath || isExternalUrl(destination) || hasBasePath(destination, basePath)) return destination;
+	return basePath + destination;
+}
+async function applyRewrite(options, cleanPathname) {
+	if (!options.rewrites.length) return null;
+	const rewritten = matchRewrite(cleanPathname, options.rewrites, options.requestContext);
+	if (!rewritten) return null;
+	if (isExternalUrl(rewritten)) {
+		options.clearRequestContext();
+		return proxyExternalRequest(options.request, rewritten);
+	}
+	return rewritten;
+}
+async function handleAppRscRequest(options, request, preMiddlewareRequestContext) {
+	const handlerStart = process.env.NODE_ENV !== "production" ? performance.now() : 0;
+	if (process.env.NODE_ENV !== "production") {
+		const originBlock = options.validateDevRequestOrigin?.(request);
+		if (originBlock) return originBlock;
+	}
+	const normalized = normalizeRscRequest(request, options.basePath);
+	if (normalized instanceof Response) return normalized;
+	const { url, isRscRequest, interceptionContextHeader, mountedSlotsHeader } = normalized;
+	let { pathname, cleanPathname } = normalized;
+	const prerenderEndpointResponse = await handleAppPrerenderEndpoint(request, {
+		isPrerenderEnabled() {
+			return process.env.VINEXT_PRERENDER === "1";
+		},
+		loadPagesRoutes: options.loadPrerenderPagesRoutes,
+		pathname,
+		rootParamNamesByPattern: options.rootParamNamesByPattern,
+		staticParamsMap: options.staticParamsMap
+	});
+	if (prerenderEndpointResponse) return prerenderEndpointResponse;
+	const trailingSlashRedirect = normalizeTrailingSlash(pathname, options.basePath, options.trailingSlash, url.search);
+	if (trailingSlashRedirect) return trailingSlashRedirect;
+	const redirect = matchRedirect(stripRscSuffix(pathname), options.configRedirects, preMiddlewareRequestContext);
+	if (redirect) {
+		const destination = sanitizeDestination(redirectDestinationWithBasePath(redirect.destination, options.basePath));
+		const location = isRscRequest && request.headers.get("RSC") === "1" ? await createRscRedirectLocation(destination, request) : destination;
+		return new Response(null, {
+			status: redirect.permanent ? 308 : 307,
+			headers: { Location: location }
+		});
+	}
+	const rscCacheBustingRedirect = await resolveInvalidRscCacheBustingRequest({
+		isRscRequest,
+		request
+	});
+	if (rscCacheBustingRedirect) return rscCacheBustingRedirect;
+	const middlewareContext = {
+		headers: null,
+		requestHeaders: null,
+		status: null
+	};
+	if (options.middlewareModule) {
+		const middlewareResult = await applyAppMiddleware({
+			basePath: options.basePath,
+			cleanPathname,
+			context: middlewareContext,
+			i18nConfig: options.i18nConfig,
+			isProxy: options.isMiddlewareProxy,
+			module: options.middlewareModule,
+			request
+		});
+		if (middlewareResult.kind === "response") return middlewareResult.response;
+		cleanPathname = middlewareResult.cleanPathname;
+		if (middlewareResult.search !== null) url.search = middlewareResult.search;
+	}
+	const scriptNonce = getScriptNonceFromHeaderSources(request.headers, middlewareContext.headers);
+	const postMiddlewareRequestContext = buildPostMwRequestContext(request);
+	const beforeFilesRewrite = await applyRewrite({
+		clearRequestContext: options.clearRequestContext,
+		request,
+		requestContext: postMiddlewareRequestContext,
+		rewrites: options.configRewrites.beforeFiles
+	}, cleanPathname);
+	if (beforeFilesRewrite instanceof Response) return beforeFilesRewrite;
+	if (beforeFilesRewrite) cleanPathname = beforeFilesRewrite;
+	if (cleanPathname === "/_vinext/image") {
+		const imageUrlResult = validateImageUrl(url.searchParams.get("url"), request.url);
+		if (imageUrlResult instanceof Response) return imageUrlResult;
+		return Response.redirect(new URL(imageUrlResult, url.origin).href, 302);
+	}
+	const metadataRouteResponse = await handleMetadataRouteRequest({
+		metadataRoutes: options.metadataRoutes,
+		cleanPathname,
+		makeThenableParams: options.makeThenableParams
+	});
+	if (metadataRouteResponse) return metadataRouteResponse;
+	const publicFileResponse = resolvePublicFileRoute({
+		cleanPathname,
+		middlewareContext,
+		pathname,
+		publicFiles: options.publicFiles,
+		request
+	});
+	if (publicFileResponse) {
+		options.clearRequestContext();
+		return publicFileResponse;
+	}
+	if (isRscRequest) stripRscCacheBustingSearchParam(url);
+	options.setNavigationContext({
+		pathname: cleanPathname,
+		searchParams: url.searchParams,
+		params: {}
+	});
+	const actionId = request.headers.get("x-rsc-action") ?? request.headers.get("next-action");
+	const contentType = request.headers.get("content-type") || "";
+	const progressiveActionResponse = await options.handleProgressiveActionRequest({
+		actionId,
+		cleanPathname,
+		contentType,
+		middlewareContext,
+		request
+	});
+	if (progressiveActionResponse) return progressiveActionResponse;
+	const serverActionResponse = await options.handleServerActionRequest({
+		actionId,
+		cleanPathname,
+		contentType,
+		interceptionContext: interceptionContextHeader,
+		isRscRequest,
+		middlewareContext,
+		mountedSlotsHeader,
+		request,
+		searchParams: url.searchParams
+	});
+	if (serverActionResponse) return serverActionResponse;
+	const afterFilesRewrite = await applyRewrite({
+		clearRequestContext: options.clearRequestContext,
+		request,
+		requestContext: postMiddlewareRequestContext,
+		rewrites: options.configRewrites.afterFiles
+	}, cleanPathname);
+	if (afterFilesRewrite instanceof Response) return afterFilesRewrite;
+	if (afterFilesRewrite) cleanPathname = afterFilesRewrite;
+	let match = options.matchRoute(cleanPathname);
+	if (!match) {
+		const fallbackRewrite = await applyRewrite({
+			clearRequestContext: options.clearRequestContext,
+			request,
+			requestContext: postMiddlewareRequestContext,
+			rewrites: options.configRewrites.fallback
+		}, cleanPathname);
+		if (fallbackRewrite instanceof Response) return fallbackRewrite;
+		if (fallbackRewrite) {
+			cleanPathname = fallbackRewrite;
+			match = options.matchRoute(cleanPathname);
+		}
+	}
+	if (!match) {
+		const pagesFallbackResponse = await options.renderPagesFallback?.({
+			isRscRequest,
+			middlewareContext,
+			request,
+			url
+		});
+		if (pagesFallbackResponse) {
+			options.clearRequestContext();
+			return pagesFallbackResponse;
+		}
+		const renderedNotFoundResponse = await options.renderNotFound({
+			isRscRequest,
+			middlewareContext,
+			request,
+			route: null,
+			scriptNonce
+		});
+		if (renderedNotFoundResponse) return renderedNotFoundResponse;
+		options.clearRequestContext();
+		const headers = new Headers();
+		mergeMiddlewareResponseHeaders(headers, middlewareContext.headers);
+		return notFoundResponse({ headers });
+	}
+	const { route, params } = match;
+	options.setNavigationContext({
+		pathname: cleanPathname,
+		searchParams: url.searchParams,
+		params
+	});
+	setRootParams(pickRootParams(params, route.rootParamNames));
+	if (route.routeHandler) {
+		setCurrentFetchSoftTags(buildPageCacheTags(cleanPathname, [], [...route.routeSegments], "route"));
+		return options.dispatchMatchedRouteHandler({
+			cleanPathname,
+			middlewareContext,
+			params,
+			request,
+			route,
+			searchParams: url.searchParams
+		});
+	}
+	return options.dispatchMatchedPage({
+		cleanPathname,
+		handlerStart,
+		interceptionContext: interceptionContextHeader,
+		isRscRequest,
+		middlewareContext,
+		mountedSlotsHeader,
+		params,
+		request,
+		route,
+		scriptNonce,
+		searchParams: url.searchParams
+	});
+}
+function createAppRscHandler(options) {
+	return async function appRscHandler(rawRequest, ctx) {
+		await options.ensureInstrumentation?.();
+		const mwCtx = rawRequest.headers.get("x-vinext-mw-ctx");
+		const filteredHeaders = filterInternalHeaders(rawRequest.headers);
+		if (mwCtx !== null) filteredHeaders.set("x-vinext-mw-ctx", mwCtx);
+		const request = cloneRequestWithHeaders(rawRequest, filteredHeaders);
+		const executionContext = isExecutionContextLike(ctx) ? ctx : getRequestExecutionContext() ?? null;
+		return runWithRequestContext(createRequestContext({
+			headersContext: headersContextFromRequest(request),
+			executionContext,
+			unstableCacheRevalidation: "background"
+		}), () => runWithPrerenderWorkUnit(async () => {
+			ensureFetchPatch();
+			const preMiddlewareRequestContext = requestContextFromRequest(request);
+			let response;
+			try {
+				response = await handleAppRscRequest(options, request, preMiddlewareRequestContext);
+			} catch (error) {
+				if (process.env.NODE_ENV !== "production") flattenErrorCauses(error);
+				throw error;
+			}
+			return finalizeAppRscResponse(response, request, {
+				basePath: options.basePath,
+				configHeaders: options.configHeaders,
+				requestContext: preMiddlewareRequestContext
+			});
+		}, { route: () => new URL(request.url).pathname }));
+	};
+}
+//#endregion
+export { createAppRscHandler };
+//# sourceMappingURL=app-rsc-handler.js.map

package/dist/server/app-rsc-handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app-rsc-handler.js","names":[],"sources":["../../src/server/app-rsc-handler.ts"],"sourcesContent":["import type {\n NextHeader,\n NextI18nConfig,\n NextRedirect,\n NextRewrite,\n} from \"../config/next-config.js\";\nimport {\n isExternalUrl,\n matchRedirect,\n matchRewrite,\n proxyExternalRequest,\n requestContextFromRequest,\n sanitizeDestination,\n} from \"../config/config-matchers.js\";\nimport { headersContextFromRequest } from \"vinext/shims/headers\";\nimport { ensureFetchPatch, setCurrentFetchSoftTags } from \"vinext/shims/fetch-cache\";\nimport {\n getRequestExecutionContext,\n type ExecutionContextLike,\n} from \"vinext/shims/request-context\";\nimport { pickRootParams, setRootParams } from \"vinext/shims/root-params\";\nimport { createRequestContext, runWithRequestContext } from \"vinext/shims/unified-request-context\";\nimport { flattenErrorCauses } from \"../utils/error-cause.js\";\nimport { hasBasePath } from \"../utils/base-path.js\";\nimport { applyAppMiddleware, type AppMiddlewareContext } from \"./app-middleware.js\";\nimport { mergeMiddlewareResponseHeaders } from \"./app-page-response.js\";\nimport { handleAppPrerenderEndpoint } from \"./app-prerender-endpoints.js\";\nimport {\n createRscRedirectLocation,\n resolveInvalidRscCacheBustingRequest,\n stripRscCacheBustingSearchParam,\n stripRscSuffix,\n} from \"./app-rsc-cache-busting.js\";\nimport { finalizeAppRscResponse } from \"./app-rsc-response-finalizer.js\";\nimport { normalizeRscRequest } from \"./app-rsc-request-normalization.js\";\nimport { notFoundResponse } from \"./http-error-responses.js\";\nimport { getScriptNonceFromHeaderSources } from \"./csp.js\";\nimport { buildPageCacheTags } from \"./implicit-tags.js\";\nimport { handleMetadataRouteRequest } from \"./metadata-route-response.js\";\nimport type { MiddlewareModule } from \"./middleware-runtime.js\";\nimport { runWithPrerenderWorkUnit } from \"./prerender-work-unit-setup.js\";\nimport { buildPostMwRequestContext } from \"./app-post-middleware-context.js\";\nimport {\n cloneRequestWithHeaders,\n filterInternalHeaders,\n normalizeTrailingSlash,\n resolvePublicFileRoute,\n validateImageUrl,\n} from \"./request-pipeline.js\";\n\ntype AppPageParams = Record<string, string | string[]>;\ntype RequestContext = ReturnType<typeof requestContextFromRequest>;\ntype MetadataRoutes = Parameters<typeof handleMetadataRouteRequest>[0][\"metadataRoutes\"];\ntype MakeThenableParams = Parameters<typeof handleMetadataRouteRequest>[0][\"makeThenableParams\"];\ntype StaticParamsMap = Parameters<typeof handleAppPrerenderEndpoint>[1][\"staticParamsMap\"];\ntype RootParamNamesMap = Parameters<\n typeof handleAppPrerenderEndpoint\n>[1][\"rootParamNamesByPattern\"];\n\ntype AppRscMiddlewareContext = AppMiddlewareContext;\n\ntype AppRscHandlerRoute = {\n page?: unknown;\n pattern: string;\n rootParamNames?: readonly string[];\n routeHandler?: unknown;\n routeSegments: readonly string[];\n};\n\ntype AppRscRouteMatch<TRoute> = {\n params: AppPageParams;\n route: TRoute;\n};\n\ntype DispatchMatchedPageOptions<TRoute> = {\n cleanPathname: string;\n handlerStart: number;\n interceptionContext: string | null;\n isRscRequest: boolean;\n middlewareContext: AppRscMiddlewareContext;\n mountedSlotsHeader: string | null;\n params: AppPageParams;\n request: Request;\n route: TRoute;\n scriptNonce?: string;\n searchParams: URLSearchParams;\n};\n\ntype DispatchMatchedRouteHandlerOptions<TRoute> = {\n cleanPathname: string;\n middlewareContext: AppRscMiddlewareContext;\n params: AppPageParams;\n request: Request;\n route: TRoute;\n searchParams: URLSearchParams;\n};\n\ntype HandleProgressiveActionRequestOptions = {\n actionId: string | null;\n cleanPathname: string;\n contentType: string;\n middlewareContext: AppRscMiddlewareContext;\n request: Request;\n};\n\ntype HandleServerActionRequestOptions = {\n actionId: string | null;\n cleanPathname: string;\n contentType: string;\n interceptionContext: string | null;\n isRscRequest: boolean;\n middlewareContext: AppRscMiddlewareContext;\n mountedSlotsHeader: string | null;\n request: Request;\n searchParams: URLSearchParams;\n};\n\ntype RenderNotFoundOptions<TRoute> = {\n isRscRequest: boolean;\n matchedParams?: AppPageParams;\n middlewareContext: AppRscMiddlewareContext;\n request: Request;\n route: TRoute | null;\n scriptNonce?: string;\n};\n\ntype RenderPagesFallbackOptions = {\n isRscRequest: boolean;\n middlewareContext: AppRscMiddlewareContext;\n request: Request;\n url: URL;\n};\n\ntype NavigationContextValue = {\n params: AppPageParams;\n pathname: string;\n searchParams: URLSearchParams;\n};\n\ntype CreateAppRscHandlerOptions<TRoute extends AppRscHandlerRoute> = {\n basePath: string;\n clearRequestContext: () => void;\n configHeaders: NextHeader[];\n configRedirects: NextRedirect[];\n configRewrites: {\n afterFiles: NextRewrite[];\n beforeFiles: NextRewrite[];\n fallback: NextRewrite[];\n };\n dispatchMatchedPage: (options: DispatchMatchedPageOptions<TRoute>) => Promise<Response>;\n dispatchMatchedRouteHandler: (\n options: DispatchMatchedRouteHandlerOptions<TRoute>,\n ) => Promise<Response>;\n ensureInstrumentation?: () => Promise<void>;\n handleProgressiveActionRequest: (\n options: HandleProgressiveActionRequestOptions,\n ) => Promise<Response | null>;\n handleServerActionRequest: (\n options: HandleServerActionRequestOptions,\n ) => Promise<Response | null>;\n i18nConfig: NextI18nConfig | null;\n isMiddlewareProxy: boolean;\n loadPrerenderPagesRoutes?: () => Promise<unknown>;\n makeThenableParams: MakeThenableParams;\n matchRoute: (pathname: string) => AppRscRouteMatch<TRoute> | null;\n metadataRoutes: MetadataRoutes;\n middlewareModule: MiddlewareModule | null;\n publicFiles: ReadonlySet<string>;\n renderNotFound: (options: RenderNotFoundOptions<TRoute>) => Promise<Response | null>;\n renderPagesFallback?: (options: RenderPagesFallbackOptions) => Promise<Response | null>;\n rootParamNamesByPattern?: RootParamNamesMap;\n setNavigationContext: (context: NavigationContextValue) => void;\n staticParamsMap: StaticParamsMap;\n trailingSlash: boolean;\n validateDevRequestOrigin?: (request: Request) => Response | null;\n};\n\nfunction hasProperty<TKey extends PropertyKey>(\n value: object,\n key: TKey,\n): value is object & Record<TKey, unknown> {\n return key in value;\n}\n\nfunction isExecutionContextLike(value: unknown): value is ExecutionContextLike {\n if (!value || typeof value !== \"object\") return false;\n return hasProperty(value, \"waitUntil\") && typeof value.waitUntil === \"function\";\n}\n\nfunction redirectDestinationWithBasePath(destination: string, basePath: string): string {\n if (!basePath || isExternalUrl(destination) || hasBasePath(destination, basePath)) {\n return destination;\n }\n return basePath + destination;\n}\n\nasync function applyRewrite(\n options: {\n clearRequestContext: () => void;\n request: Request;\n requestContext: RequestContext;\n rewrites: NextRewrite[];\n },\n cleanPathname: string,\n): Promise<Response | string | null> {\n if (!options.rewrites.length) return null;\n\n const rewritten = matchRewrite(cleanPathname, options.rewrites, options.requestContext);\n if (!rewritten) return null;\n\n if (isExternalUrl(rewritten)) {\n options.clearRequestContext();\n return proxyExternalRequest(options.request, rewritten);\n }\n\n return rewritten;\n}\n\nasync function handleAppRscRequest<TRoute extends AppRscHandlerRoute>(\n options: CreateAppRscHandlerOptions<TRoute>,\n request: Request,\n preMiddlewareRequestContext: RequestContext,\n): Promise<Response> {\n const handlerStart = process.env.NODE_ENV !== \"production\" ? performance.now() : 0;\n\n if (process.env.NODE_ENV !== \"production\") {\n const originBlock = options.validateDevRequestOrigin?.(request);\n if (originBlock) return originBlock;\n }\n\n const normalized = normalizeRscRequest(request, options.basePath);\n if (normalized instanceof Response) return normalized;\n\n const { url, isRscRequest, interceptionContextHeader, mountedSlotsHeader } = normalized;\n let { pathname, cleanPathname } = normalized;\n\n const prerenderEndpointResponse = await handleAppPrerenderEndpoint(request, {\n isPrerenderEnabled() {\n return process.env.VINEXT_PRERENDER === \"1\";\n },\n loadPagesRoutes: options.loadPrerenderPagesRoutes,\n pathname,\n rootParamNamesByPattern: options.rootParamNamesByPattern,\n staticParamsMap: options.staticParamsMap,\n });\n if (prerenderEndpointResponse) return prerenderEndpointResponse;\n\n const trailingSlashRedirect = normalizeTrailingSlash(\n pathname,\n options.basePath,\n options.trailingSlash,\n url.search,\n );\n if (trailingSlashRedirect) return trailingSlashRedirect;\n\n const redirectPathname = stripRscSuffix(pathname);\n const redirect = matchRedirect(\n redirectPathname,\n options.configRedirects,\n preMiddlewareRequestContext,\n );\n if (redirect) {\n const destination = sanitizeDestination(\n redirectDestinationWithBasePath(redirect.destination, options.basePath),\n );\n const location =\n isRscRequest && request.headers.get(\"RSC\") === \"1\"\n ? await createRscRedirectLocation(destination, request)\n : destination;\n return new Response(null, {\n status: redirect.permanent ? 308 : 307,\n headers: { Location: location },\n });\n }\n\n const rscCacheBustingRedirect = await resolveInvalidRscCacheBustingRequest({\n isRscRequest,\n request,\n });\n if (rscCacheBustingRedirect) return rscCacheBustingRedirect;\n\n const middlewareContext: AppRscMiddlewareContext = {\n headers: null,\n requestHeaders: null,\n status: null,\n };\n\n if (options.middlewareModule) {\n const middlewareResult = await applyAppMiddleware({\n basePath: options.basePath,\n cleanPathname,\n context: middlewareContext,\n i18nConfig: options.i18nConfig,\n isProxy: options.isMiddlewareProxy,\n module: options.middlewareModule,\n request,\n });\n if (middlewareResult.kind === \"response\") return middlewareResult.response;\n\n cleanPathname = middlewareResult.cleanPathname;\n if (middlewareResult.search !== null) {\n url.search = middlewareResult.search;\n }\n }\n\n const scriptNonce = getScriptNonceFromHeaderSources(request.headers, middlewareContext.headers);\n const postMiddlewareRequestContext = buildPostMwRequestContext(request);\n\n const beforeFilesRewrite = await applyRewrite(\n {\n clearRequestContext: options.clearRequestContext,\n request,\n requestContext: postMiddlewareRequestContext,\n rewrites: options.configRewrites.beforeFiles,\n },\n cleanPathname,\n );\n if (beforeFilesRewrite instanceof Response) return beforeFilesRewrite;\n if (beforeFilesRewrite) cleanPathname = beforeFilesRewrite;\n\n if (cleanPathname === \"/_vinext/image\") {\n const imageUrlResult = validateImageUrl(url.searchParams.get(\"url\"), request.url);\n if (imageUrlResult instanceof Response) return imageUrlResult;\n return Response.redirect(new URL(imageUrlResult, url.origin).href, 302);\n }\n\n const metadataRouteResponse = await handleMetadataRouteRequest({\n metadataRoutes: options.metadataRoutes,\n cleanPathname,\n makeThenableParams: options.makeThenableParams,\n });\n if (metadataRouteResponse) return metadataRouteResponse;\n\n const publicFileResponse = resolvePublicFileRoute({\n cleanPathname,\n middlewareContext,\n pathname,\n publicFiles: options.publicFiles,\n request,\n });\n if (publicFileResponse) {\n options.clearRequestContext();\n return publicFileResponse;\n }\n\n if (isRscRequest) {\n stripRscCacheBustingSearchParam(url);\n }\n\n options.setNavigationContext({\n pathname: cleanPathname,\n searchParams: url.searchParams,\n params: {},\n });\n\n const actionId = request.headers.get(\"x-rsc-action\") ?? request.headers.get(\"next-action\");\n const contentType = request.headers.get(\"content-type\") || \"\";\n\n const progressiveActionResponse = await options.handleProgressiveActionRequest({\n actionId,\n cleanPathname,\n contentType,\n middlewareContext,\n request,\n });\n if (progressiveActionResponse) return progressiveActionResponse;\n\n const serverActionResponse = await options.handleServerActionRequest({\n actionId,\n cleanPathname,\n contentType,\n interceptionContext: interceptionContextHeader,\n isRscRequest,\n middlewareContext,\n mountedSlotsHeader,\n request,\n searchParams: url.searchParams,\n });\n if (serverActionResponse) return serverActionResponse;\n\n const afterFilesRewrite = await applyRewrite(\n {\n clearRequestContext: options.clearRequestContext,\n request,\n requestContext: postMiddlewareRequestContext,\n rewrites: options.configRewrites.afterFiles,\n },\n cleanPathname,\n );\n if (afterFilesRewrite instanceof Response) return afterFilesRewrite;\n if (afterFilesRewrite) cleanPathname = afterFilesRewrite;\n\n let match = options.matchRoute(cleanPathname);\n if (!match) {\n const fallbackRewrite = await applyRewrite(\n {\n clearRequestContext: options.clearRequestContext,\n request,\n requestContext: postMiddlewareRequestContext,\n rewrites: options.configRewrites.fallback,\n },\n cleanPathname,\n );\n if (fallbackRewrite instanceof Response) return fallbackRewrite;\n if (fallbackRewrite) {\n cleanPathname = fallbackRewrite;\n match = options.matchRoute(cleanPathname);\n }\n }\n\n if (!match) {\n const pagesFallbackResponse = await options.renderPagesFallback?.({\n isRscRequest,\n middlewareContext,\n request,\n url,\n });\n if (pagesFallbackResponse) {\n options.clearRequestContext();\n return pagesFallbackResponse;\n }\n\n const renderedNotFoundResponse = await options.renderNotFound({\n isRscRequest,\n middlewareContext,\n request,\n route: null,\n scriptNonce,\n });\n if (renderedNotFoundResponse) return renderedNotFoundResponse;\n\n options.clearRequestContext();\n const headers = new Headers();\n mergeMiddlewareResponseHeaders(headers, middlewareContext.headers);\n return notFoundResponse({ headers });\n }\n\n const { route, params } = match;\n options.setNavigationContext({\n pathname: cleanPathname,\n searchParams: url.searchParams,\n params,\n });\n setRootParams(pickRootParams(params, route.rootParamNames));\n\n if (route.routeHandler) {\n setCurrentFetchSoftTags(\n buildPageCacheTags(cleanPathname, [], [...route.routeSegments], \"route\"),\n );\n return options.dispatchMatchedRouteHandler({\n cleanPathname,\n middlewareContext,\n params,\n request,\n route,\n searchParams: url.searchParams,\n });\n }\n\n return options.dispatchMatchedPage({\n cleanPathname,\n handlerStart,\n interceptionContext: interceptionContextHeader,\n isRscRequest,\n middlewareContext,\n mountedSlotsHeader,\n params,\n request,\n route,\n scriptNonce,\n searchParams: url.searchParams,\n });\n}\n\nexport function createAppRscHandler<TRoute extends AppRscHandlerRoute>(\n options: CreateAppRscHandlerOptions<TRoute>,\n): (request: Request, ctx: unknown) => Promise<Response> {\n return async function appRscHandler(rawRequest, ctx) {\n await options.ensureInstrumentation?.();\n\n // Strip forged internal headers at the App Router request boundary.\n // Must happen BEFORE headersContextFromRequest() and\n // requestContextFromRequest() so the captured context never contains\n // attacker-controlled internal headers. This is the correct boundary\n // for pure App Router requests; in hybrid app+pages mode the connect\n // handler already filtered headers upstream and x-vinext-mw-ctx\n // (not in INTERNAL_HEADERS) carries the forwarded middleware context.\n // srvx's NodeRequestHeaders reads from rawHeaders for iteration but falls\n // back to req.headers for .get() / .has(). In the dev server we add\n // x-vinext-mw-ctx to req.headers after the Request is built, so it is\n // visible to .get() but lost when filterInternalHeaders iterates. Read it\n // BEFORE iterating so applyForwardedMiddlewareContext can skip middleware.\n const mwCtx = rawRequest.headers.get(\"x-vinext-mw-ctx\");\n const filteredHeaders = filterInternalHeaders(rawRequest.headers);\n if (mwCtx !== null) {\n filteredHeaders.set(\"x-vinext-mw-ctx\", mwCtx);\n }\n const request = cloneRequestWithHeaders(rawRequest, filteredHeaders);\n\n const executionContext = isExecutionContextLike(ctx)\n ? ctx\n : (getRequestExecutionContext() ?? null);\n const headersContext = headersContextFromRequest(request);\n const requestContext = createRequestContext({\n headersContext,\n executionContext,\n unstableCacheRevalidation: \"background\",\n });\n\n return runWithRequestContext(requestContext, () =>\n runWithPrerenderWorkUnit(\n async () => {\n ensureFetchPatch();\n const preMiddlewareRequestContext = requestContextFromRequest(request);\n let response: Response;\n\n try {\n response = await handleAppRscRequest(options, request, preMiddlewareRequestContext);\n } catch (error) {\n if (process.env.NODE_ENV !== \"production\") {\n flattenErrorCauses(error);\n }\n throw error;\n }\n\n return finalizeAppRscResponse(response, request, {\n basePath: options.basePath,\n configHeaders: options.configHeaders,\n requestContext: preMiddlewareRequestContext,\n });\n },\n { route: () => new URL(request.url).pathname },\n ),\n );\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAiLA,SAAS,YACP,OACA,KACyC;AACzC,QAAO,OAAO;;AAGhB,SAAS,uBAAuB,OAA+C;AAC7E,KAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAChD,QAAO,YAAY,OAAO,YAAY,IAAI,OAAO,MAAM,cAAc;;AAGvE,SAAS,gCAAgC,aAAqB,UAA0B;AACtF,KAAI,CAAC,YAAY,cAAc,YAAY,IAAI,YAAY,aAAa,SAAS,CAC/E,QAAO;AAET,QAAO,WAAW;;AAGpB,eAAe,aACb,SAMA,eACmC;AACnC,KAAI,CAAC,QAAQ,SAAS,OAAQ,QAAO;CAErC,MAAM,YAAY,aAAa,eAAe,QAAQ,UAAU,QAAQ,eAAe;AACvF,KAAI,CAAC,UAAW,QAAO;AAEvB,KAAI,cAAc,UAAU,EAAE;AAC5B,UAAQ,qBAAqB;AAC7B,SAAO,qBAAqB,QAAQ,SAAS,UAAU;;AAGzD,QAAO;;AAGT,eAAe,oBACb,SACA,SACA,6BACmB;CACnB,MAAM,eAAe,QAAQ,IAAI,aAAa,eAAe,YAAY,KAAK,GAAG;AAEjF,KAAI,QAAQ,IAAI,aAAa,cAAc;EACzC,MAAM,cAAc,QAAQ,2BAA2B,QAAQ;AAC/D,MAAI,YAAa,QAAO;;CAG1B,MAAM,aAAa,oBAAoB,SAAS,QAAQ,SAAS;AACjE,KAAI,sBAAsB,SAAU,QAAO;CAE3C,MAAM,EAAE,KAAK,cAAc,2BAA2B,uBAAuB;CAC7E,IAAI,EAAE,UAAU,kBAAkB;CAElC,MAAM,4BAA4B,MAAM,2BAA2B,SAAS;EAC1E,qBAAqB;AACnB,UAAO,QAAQ,IAAI,qBAAqB;;EAE1C,iBAAiB,QAAQ;EACzB;EACA,yBAAyB,QAAQ;EACjC,iBAAiB,QAAQ;EAC1B,CAAC;AACF,KAAI,0BAA2B,QAAO;CAEtC,MAAM,wBAAwB,uBAC5B,UACA,QAAQ,UACR,QAAQ,eACR,IAAI,OACL;AACD,KAAI,sBAAuB,QAAO;CAGlC,MAAM,WAAW,cADQ,eAAe,SAAS,EAG/C,QAAQ,iBACR,4BACD;AACD,KAAI,UAAU;EACZ,MAAM,cAAc,oBAClB,gCAAgC,SAAS,aAAa,QAAQ,SAAS,CACxE;EACD,MAAM,WACJ,gBAAgB,QAAQ,QAAQ,IAAI,MAAM,KAAK,MAC3C,MAAM,0BAA0B,aAAa,QAAQ,GACrD;AACN,SAAO,IAAI,SAAS,MAAM;GACxB,QAAQ,SAAS,YAAY,MAAM;GACnC,SAAS,EAAE,UAAU,UAAU;GAChC,CAAC;;CAGJ,MAAM,0BAA0B,MAAM,qCAAqC;EACzE;EACA;EACD,CAAC;AACF,KAAI,wBAAyB,QAAO;CAEpC,MAAM,oBAA6C;EACjD,SAAS;EACT,gBAAgB;EAChB,QAAQ;EACT;AAED,KAAI,QAAQ,kBAAkB;EAC5B,MAAM,mBAAmB,MAAM,mBAAmB;GAChD,UAAU,QAAQ;GAClB;GACA,SAAS;GACT,YAAY,QAAQ;GACpB,SAAS,QAAQ;GACjB,QAAQ,QAAQ;GAChB;GACD,CAAC;AACF,MAAI,iBAAiB,SAAS,WAAY,QAAO,iBAAiB;AAElE,kBAAgB,iBAAiB;AACjC,MAAI,iBAAiB,WAAW,KAC9B,KAAI,SAAS,iBAAiB;;CAIlC,MAAM,cAAc,gCAAgC,QAAQ,SAAS,kBAAkB,QAAQ;CAC/F,MAAM,+BAA+B,0BAA0B,QAAQ;CAEvE,MAAM,qBAAqB,MAAM,aAC/B;EACE,qBAAqB,QAAQ;EAC7B;EACA,gBAAgB;EAChB,UAAU,QAAQ,eAAe;EAClC,EACD,cACD;AACD,KAAI,8BAA8B,SAAU,QAAO;AACnD,KAAI,mBAAoB,iBAAgB;AAExC,KAAI,kBAAkB,kBAAkB;EACtC,MAAM,iBAAiB,iBAAiB,IAAI,aAAa,IAAI,MAAM,EAAE,QAAQ,IAAI;AACjF,MAAI,0BAA0B,SAAU,QAAO;AAC/C,SAAO,SAAS,SAAS,IAAI,IAAI,gBAAgB,IAAI,OAAO,CAAC,MAAM,IAAI;;CAGzE,MAAM,wBAAwB,MAAM,2BAA2B;EAC7D,gBAAgB,QAAQ;EACxB;EACA,oBAAoB,QAAQ;EAC7B,CAAC;AACF,KAAI,sBAAuB,QAAO;CAElC,MAAM,qBAAqB,uBAAuB;EAChD;EACA;EACA;EACA,aAAa,QAAQ;EACrB;EACD,CAAC;AACF,KAAI,oBAAoB;AACtB,UAAQ,qBAAqB;AAC7B,SAAO;;AAGT,KAAI,aACF,iCAAgC,IAAI;AAGtC,SAAQ,qBAAqB;EAC3B,UAAU;EACV,cAAc,IAAI;EAClB,QAAQ,EAAE;EACX,CAAC;CAEF,MAAM,WAAW,QAAQ,QAAQ,IAAI,eAAe,IAAI,QAAQ,QAAQ,IAAI,cAAc;CAC1F,MAAM,cAAc,QAAQ,QAAQ,IAAI,eAAe,IAAI;CAE3D,MAAM,4BAA4B,MAAM,QAAQ,+BAA+B;EAC7E;EACA;EACA;EACA;EACA;EACD,CAAC;AACF,KAAI,0BAA2B,QAAO;CAEtC,MAAM,uBAAuB,MAAM,QAAQ,0BAA0B;EACnE;EACA;EACA;EACA,qBAAqB;EACrB;EACA;EACA;EACA;EACA,cAAc,IAAI;EACnB,CAAC;AACF,KAAI,qBAAsB,QAAO;CAEjC,MAAM,oBAAoB,MAAM,aAC9B;EACE,qBAAqB,QAAQ;EAC7B;EACA,gBAAgB;EAChB,UAAU,QAAQ,eAAe;EAClC,EACD,cACD;AACD,KAAI,6BAA6B,SAAU,QAAO;AAClD,KAAI,kBAAmB,iBAAgB;CAEvC,IAAI,QAAQ,QAAQ,WAAW,cAAc;AAC7C,KAAI,CAAC,OAAO;EACV,MAAM,kBAAkB,MAAM,aAC5B;GACE,qBAAqB,QAAQ;GAC7B;GACA,gBAAgB;GAChB,UAAU,QAAQ,eAAe;GAClC,EACD,cACD;AACD,MAAI,2BAA2B,SAAU,QAAO;AAChD,MAAI,iBAAiB;AACnB,mBAAgB;AAChB,WAAQ,QAAQ,WAAW,cAAc;;;AAI7C,KAAI,CAAC,OAAO;EACV,MAAM,wBAAwB,MAAM,QAAQ,sBAAsB;GAChE;GACA;GACA;GACA;GACD,CAAC;AACF,MAAI,uBAAuB;AACzB,WAAQ,qBAAqB;AAC7B,UAAO;;EAGT,MAAM,2BAA2B,MAAM,QAAQ,eAAe;GAC5D;GACA;GACA;GACA,OAAO;GACP;GACD,CAAC;AACF,MAAI,yBAA0B,QAAO;AAErC,UAAQ,qBAAqB;EAC7B,MAAM,UAAU,IAAI,SAAS;AAC7B,iCAA+B,SAAS,kBAAkB,QAAQ;AAClE,SAAO,iBAAiB,EAAE,SAAS,CAAC;;CAGtC,MAAM,EAAE,OAAO,WAAW;AAC1B,SAAQ,qBAAqB;EAC3B,UAAU;EACV,cAAc,IAAI;EAClB;EACD,CAAC;AACF,eAAc,eAAe,QAAQ,MAAM,eAAe,CAAC;AAE3D,KAAI,MAAM,cAAc;AACtB,0BACE,mBAAmB,eAAe,EAAE,EAAE,CAAC,GAAG,MAAM,cAAc,EAAE,QAAQ,CACzE;AACD,SAAO,QAAQ,4BAA4B;GACzC;GACA;GACA;GACA;GACA;GACA,cAAc,IAAI;GACnB,CAAC;;AAGJ,QAAO,QAAQ,oBAAoB;EACjC;EACA;EACA,qBAAqB;EACrB;EACA;EACA;EACA;EACA;EACA;EACA;EACA,cAAc,IAAI;EACnB,CAAC;;AAGJ,SAAgB,oBACd,SACuD;AACvD,QAAO,eAAe,cAAc,YAAY,KAAK;AACnD,QAAM,QAAQ,yBAAyB;EAcvC,MAAM,QAAQ,WAAW,QAAQ,IAAI,kBAAkB;EACvD,MAAM,kBAAkB,sBAAsB,WAAW,QAAQ;AACjE,MAAI,UAAU,KACZ,iBAAgB,IAAI,mBAAmB,MAAM;EAE/C,MAAM,UAAU,wBAAwB,YAAY,gBAAgB;EAEpE,MAAM,mBAAmB,uBAAuB,IAAI,GAChD,MACC,4BAA4B,IAAI;AAQrC,SAAO,sBANgB,qBAAqB;GAC1C,gBAFqB,0BAA0B,QAAQ;GAGvD;GACA,2BAA2B;GAC5B,CAAC,QAGA,yBACE,YAAY;AACV,qBAAkB;GAClB,MAAM,8BAA8B,0BAA0B,QAAQ;GACtE,IAAI;AAEJ,OAAI;AACF,eAAW,MAAM,oBAAoB,SAAS,SAAS,4BAA4B;YAC5E,OAAO;AACd,QAAI,QAAQ,IAAI,aAAa,aAC3B,oBAAmB,MAAM;AAE3B,UAAM;;AAGR,UAAO,uBAAuB,UAAU,SAAS;IAC/C,UAAU,QAAQ;IAClB,eAAe,QAAQ;IACvB,gBAAgB;IACjB,CAAC;KAEJ,EAAE,aAAa,IAAI,IAAI,QAAQ,IAAI,CAAC,UAAU,CAC/C,CACF"}

package/dist/server/app-rsc-request-normalization.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import { normalizeMountedSlotsHeader } from "./app-mounted-slots-header.js";
+//#region src/server/app-rsc-request-normalization.d.ts
+type NormalizedRscRequest = {
+  /** Parsed URL. Callers may mutate `url.search` after middleware runs. */url: URL; /** Normalized pathname with basePath stripped. Used for all internal routing. */
+  pathname: string; /** Pathname with `.rsc` suffix removed. Used for route matching and navigation context. */
+  cleanPathname: string; /** True when the request targets a canonical `.rsc` payload URL. */
+  isRscRequest: boolean; /** Sanitized X-Vinext-Interception-Context header (null bytes stripped). null when absent. */
+  interceptionContextHeader: string | null; /** Normalized x-vinext-mounted-slots header (deduplicated, sorted). null when absent or blank. */
+  mountedSlotsHeader: string | null;
+};
+/**
+ * Normalize an App Router RSC request.
+ *
+ * Performs all security-sensitive and compatibility-sensitive preprocessing before
+ * route matching. The ordering of steps is security-critical — changing it introduces
+ * vulnerabilities:
+ *
+ *   1. Parse URL
+ *   2. Protocol-relative URL guard — on the raw pathname, BEFORE normalizePath collapses
+ *      `//` to `/`. If the guard ran after normalization, `//evil.com` → `/evil.com`
+ *      would bypass the check and reach the trailing-slash redirector, which echoes the
+ *      path into a `Location` header that browsers interpret as protocol-relative.
+ *   3. Strict percent-decode each segment — throws on malformed sequences (→ 400). Must
+ *      run before basePath check so %2F-encoded slashes cannot create fake basePath prefixes.
+ *   4. Collapse double-slashes, resolve `.` and `..` segments (normalizePath)
+ *   5. basePath check + strip — 404 when pathname lacks the basePath prefix.
+ *      `/__vinext/` bypasses this for internal prerender endpoints.
+ *   6. RSC detection: `.rsc` suffix only. RSC headers do not select payload
+ *      rendering at the canonical HTML URL, so caches that ignore Vary cannot
+ *      store Flight responses under HTML URLs.
+ *   7. cleanPathname — pathname with `.rsc` suffix stripped
+ *   8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)
+ *   9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys
+ *
+ * @returns A 400 or 404 Response for invalid or out-of-scope inputs,
+ *          or a NormalizedRscRequest for valid requests.
+ */
+declare function normalizeRscRequest(request: Request, basePath: string): Response | NormalizedRscRequest;
+//#endregion
+export { NormalizedRscRequest, normalizeMountedSlotsHeader, normalizeRscRequest };
+//# sourceMappingURL=app-rsc-request-normalization.d.ts.map

package/dist/server/app-rsc-request-normalization.js ADDED Viewed

@@ -0,0 +1,67 @@
+import { normalizePathnameForRouteMatchStrict } from "../routing/utils.js";
+import { hasBasePath, stripBasePath } from "../utils/base-path.js";
+import { normalizePath } from "./normalize-path.js";
+import { badRequestResponse, notFoundResponse } from "./http-error-responses.js";
+import { guardProtocolRelativeUrl } from "./request-pipeline.js";
+import { normalizeMountedSlotsHeader } from "./app-mounted-slots-header.js";
+import { stripRscSuffix } from "./app-rsc-cache-busting.js";
+//#region src/server/app-rsc-request-normalization.ts
+/**
+* Normalize an App Router RSC request.
+*
+* Performs all security-sensitive and compatibility-sensitive preprocessing before
+* route matching. The ordering of steps is security-critical — changing it introduces
+* vulnerabilities:
+*
+*   1. Parse URL
+*   2. Protocol-relative URL guard — on the raw pathname, BEFORE normalizePath collapses
+*      `//` to `/`. If the guard ran after normalization, `//evil.com` → `/evil.com`
+*      would bypass the check and reach the trailing-slash redirector, which echoes the
+*      path into a `Location` header that browsers interpret as protocol-relative.
+*   3. Strict percent-decode each segment — throws on malformed sequences (→ 400). Must
+*      run before basePath check so %2F-encoded slashes cannot create fake basePath prefixes.
+*   4. Collapse double-slashes, resolve `.` and `..` segments (normalizePath)
+*   5. basePath check + strip — 404 when pathname lacks the basePath prefix.
+*      `/__vinext/` bypasses this for internal prerender endpoints.
+*   6. RSC detection: `.rsc` suffix only. RSC headers do not select payload
+*      rendering at the canonical HTML URL, so caches that ignore Vary cannot
+*      store Flight responses under HTML URLs.
+*   7. cleanPathname — pathname with `.rsc` suffix stripped
+*   8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)
+*   9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys
+*
+* @returns A 400 or 404 Response for invalid or out-of-scope inputs,
+*          or a NormalizedRscRequest for valid requests.
+*/
+function normalizeRscRequest(request, basePath) {
+	const url = new URL(request.url);
+	const protoGuard = guardProtocolRelativeUrl(url.pathname);
+	if (protoGuard) return protoGuard;
+	let decoded;
+	try {
+		decoded = normalizePathnameForRouteMatchStrict(url.pathname);
+	} catch {
+		return badRequestResponse();
+	}
+	let pathname = normalizePath(decoded);
+	if (basePath) {
+		if (!hasBasePath(pathname, basePath) && !pathname.startsWith("/__vinext/")) return notFoundResponse();
+		pathname = stripBasePath(pathname, basePath);
+	}
+	const isRscRequest = pathname.endsWith(".rsc");
+	const cleanPathname = stripRscSuffix(pathname);
+	const interceptionContextHeader = request.headers.get("X-Vinext-Interception-Context")?.replaceAll("\0", "") || null;
+	const mountedSlotsHeader = normalizeMountedSlotsHeader(request.headers.get("x-vinext-mounted-slots"));
+	return {
+		url,
+		pathname,
+		cleanPathname,
+		isRscRequest,
+		interceptionContextHeader,
+		mountedSlotsHeader
+	};
+}
+//#endregion
+export { normalizeMountedSlotsHeader, normalizeRscRequest };
+//# sourceMappingURL=app-rsc-request-normalization.js.map

package/dist/server/app-rsc-request-normalization.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app-rsc-request-normalization.js","names":[],"sources":["../../src/server/app-rsc-request-normalization.ts"],"sourcesContent":["import { normalizePath } from \"./normalize-path.js\";\nimport { normalizePathnameForRouteMatchStrict } from \"../routing/utils.js\";\nimport { guardProtocolRelativeUrl } from \"./request-pipeline.js\";\nimport { hasBasePath, stripBasePath } from \"../utils/base-path.js\";\nimport { normalizeMountedSlotsHeader } from \"./app-mounted-slots-header.js\";\nimport { stripRscSuffix } from \"./app-rsc-cache-busting.js\";\nimport { badRequestResponse, notFoundResponse } from \"./http-error-responses.js\";\n\nexport { normalizeMountedSlotsHeader } from \"./app-mounted-slots-header.js\";\n\nexport type NormalizedRscRequest = {\n /** Parsed URL. Callers may mutate `url.search` after middleware runs. */\n url: URL;\n /** Normalized pathname with basePath stripped. Used for all internal routing. */\n pathname: string;\n /** Pathname with `.rsc` suffix removed. Used for route matching and navigation context. */\n cleanPathname: string;\n /** True when the request targets a canonical `.rsc` payload URL. */\n isRscRequest: boolean;\n /** Sanitized X-Vinext-Interception-Context header (null bytes stripped). null when absent. */\n interceptionContextHeader: string | null;\n /** Normalized x-vinext-mounted-slots header (deduplicated, sorted). null when absent or blank. */\n mountedSlotsHeader: string | null;\n};\n\n/**\n * Normalize an App Router RSC request.\n *\n * Performs all security-sensitive and compatibility-sensitive preprocessing before\n * route matching. The ordering of steps is security-critical — changing it introduces\n * vulnerabilities:\n *\n * 1. Parse URL\n * 2. Protocol-relative URL guard — on the raw pathname, BEFORE normalizePath collapses\n * `//` to `/`. If the guard ran after normalization, `//evil.com` → `/evil.com`\n * would bypass the check and reach the trailing-slash redirector, which echoes the\n * path into a `Location` header that browsers interpret as protocol-relative.\n * 3. Strict percent-decode each segment — throws on malformed sequences (→ 400). Must\n * run before basePath check so %2F-encoded slashes cannot create fake basePath prefixes.\n * 4. Collapse double-slashes, resolve `.` and `..` segments (normalizePath)\n * 5. basePath check + strip — 404 when pathname lacks the basePath prefix.\n * `/__vinext/` bypasses this for internal prerender endpoints.\n * 6. RSC detection: `.rsc` suffix only. RSC headers do not select payload\n * rendering at the canonical HTML URL, so caches that ignore Vary cannot\n * store Flight responses under HTML URLs.\n * 7. cleanPathname — pathname with `.rsc` suffix stripped\n * 8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)\n * 9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys\n *\n * @returns A 400 or 404 Response for invalid or out-of-scope inputs,\n * or a NormalizedRscRequest for valid requests.\n */\nexport function normalizeRscRequest(\n request: Request,\n basePath: string,\n): Response | NormalizedRscRequest {\n const url = new URL(request.url);\n\n // Step 2: Guard against protocol-relative open redirects on the raw pathname.\n // normalizePath (step 4) would collapse //evil.com to /evil.com, causing the\n // guard to miss it. Raw pathname must be checked first.\n const protoGuard = guardProtocolRelativeUrl(url.pathname);\n if (protoGuard) return protoGuard;\n\n // Step 3: Strict segment-wise percent-decode. Preserves encoded path delimiters\n // (%2F stays %2F) to prevent encoded slashes from acting as path separators.\n // Throws on malformed sequences like %GG — caller must return 400.\n let decoded: string;\n try {\n decoded = normalizePathnameForRouteMatchStrict(url.pathname);\n } catch {\n return badRequestResponse();\n }\n\n // Step 4: Collapse double-slashes and resolve . / .. segments.\n let pathname = normalizePath(decoded);\n\n // Step 5: basePath check and strip.\n // Skipped when basePath is empty (no basePath configured).\n // /__vinext/ prefix bypasses the check for internal prerender endpoints\n // that must be reachable regardless of basePath configuration.\n if (basePath) {\n if (!hasBasePath(pathname, basePath) && !pathname.startsWith(\"/__vinext/\")) {\n return notFoundResponse();\n }\n pathname = stripBasePath(pathname, basePath);\n }\n\n // Steps 6-7: RSC detection and cleanPathname.\n const isRscRequest = pathname.endsWith(\".rsc\");\n const cleanPathname = stripRscSuffix(pathname);\n\n // Step 8: Sanitize X-Vinext-Interception-Context.\n // Null bytes in header values can be used for injection in some HTTP stacks.\n const interceptionContextHeader =\n request.headers.get(\"X-Vinext-Interception-Context\")?.replaceAll(\"\\0\", \"\") || null;\n\n // Step 9: Normalize mounted-slots header for canonical cache keying.\n const mountedSlotsHeader = normalizeMountedSlotsHeader(\n request.headers.get(\"x-vinext-mounted-slots\"),\n );\n\n return {\n url,\n pathname,\n cleanPathname,\n isRscRequest,\n interceptionContextHeader,\n mountedSlotsHeader,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoDA,SAAgB,oBACd,SACA,UACiC;CACjC,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAKhC,MAAM,aAAa,yBAAyB,IAAI,SAAS;AACzD,KAAI,WAAY,QAAO;CAKvB,IAAI;AACJ,KAAI;AACF,YAAU,qCAAqC,IAAI,SAAS;SACtD;AACN,SAAO,oBAAoB;;CAI7B,IAAI,WAAW,cAAc,QAAQ;AAMrC,KAAI,UAAU;AACZ,MAAI,CAAC,YAAY,UAAU,SAAS,IAAI,CAAC,SAAS,WAAW,aAAa,CACxE,QAAO,kBAAkB;AAE3B,aAAW,cAAc,UAAU,SAAS;;CAI9C,MAAM,eAAe,SAAS,SAAS,OAAO;CAC9C,MAAM,gBAAgB,eAAe,SAAS;CAI9C,MAAM,4BACJ,QAAQ,QAAQ,IAAI,gCAAgC,EAAE,WAAW,MAAM,GAAG,IAAI;CAGhF,MAAM,qBAAqB,4BACzB,QAAQ,QAAQ,IAAI,yBAAyB,CAC9C;AAED,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACD"}

package/dist/server/app-rsc-response-finalizer.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { NextHeader } from "../config/next-config.js";
+import { RequestContext } from "../config/config-matchers.js";
+//#region src/server/app-rsc-response-finalizer.d.ts
+type FinalizeAppRscResponseOptions = {
+  basePath: string;
+  configHeaders: NextHeader[];
+  /**
+   * Original pre-middleware request context.
+   * Next.js evaluates config header has/missing conditions against the
+   * unmodified incoming request, so callers must pass the snapshot taken
+   * before middleware runs.
+   */
+  requestContext: RequestContext;
+};
+/**
+ * Apply next.config.js response headers to an App Router response.
+ *
+ * Called once per request in the outer handler() wrapper, after all route
+ * handling, so that every response path (page, route handler, server action,
+ * metadata, not-found) gets headers applied consistently.
+ *
+ * Skips 3xx redirect responses. Response.redirect() creates immutable
+ * headers that throw on mutation, and Next.js does not apply config headers
+ * to redirects regardless.
+ */
+declare function finalizeAppRscResponse(response: Response, request: Request, options: FinalizeAppRscResponseOptions): Response;
+//#endregion
+export { finalizeAppRscResponse };
+//# sourceMappingURL=app-rsc-response-finalizer.d.ts.map

package/dist/server/app-rsc-response-finalizer.js ADDED Viewed

@@ -0,0 +1,38 @@
+import { normalizePathnameForRouteMatch } from "../routing/utils.js";
+import { stripBasePath } from "../utils/base-path.js";
+import { normalizePath } from "./normalize-path.js";
+import { applyConfigHeadersToResponse } from "./request-pipeline.js";
+//#region src/server/app-rsc-response-finalizer.ts
+/**
+* Apply next.config.js response headers to an App Router response.
+*
+* Called once per request in the outer handler() wrapper, after all route
+* handling, so that every response path (page, route handler, server action,
+* metadata, not-found) gets headers applied consistently.
+*
+* Skips 3xx redirect responses. Response.redirect() creates immutable
+* headers that throw on mutation, and Next.js does not apply config headers
+* to redirects regardless.
+*/
+function finalizeAppRscResponse(response, request, options) {
+	if (response.status >= 300 && response.status < 400) return response;
+	if (!options.configHeaders.length) return response;
+	const url = new URL(request.url);
+	let pathname;
+	try {
+		pathname = normalizePath(normalizePathnameForRouteMatch(url.pathname));
+	} catch {
+		pathname = url.pathname;
+	}
+	pathname = stripBasePath(pathname, options.basePath);
+	applyConfigHeadersToResponse(response.headers, {
+		configHeaders: options.configHeaders,
+		pathname,
+		requestContext: options.requestContext
+	});
+	return response;
+}
+//#endregion
+export { finalizeAppRscResponse };
+//# sourceMappingURL=app-rsc-response-finalizer.js.map

package/dist/server/app-rsc-response-finalizer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app-rsc-response-finalizer.js","names":[],"sources":["../../src/server/app-rsc-response-finalizer.ts"],"sourcesContent":["import type { NextHeader } from \"../config/next-config.js\";\nimport type { RequestContext } from \"../config/config-matchers.js\";\nimport { applyConfigHeadersToResponse } from \"./request-pipeline.js\";\nimport { stripBasePath } from \"../utils/base-path.js\";\nimport { normalizePath } from \"./normalize-path.js\";\nimport { normalizePathnameForRouteMatch } from \"../routing/utils.js\";\n\ntype FinalizeAppRscResponseOptions = {\n basePath: string;\n configHeaders: NextHeader[];\n /**\n * Original pre-middleware request context.\n * Next.js evaluates config header has/missing conditions against the\n * unmodified incoming request, so callers must pass the snapshot taken\n * before middleware runs.\n */\n requestContext: RequestContext;\n};\n\n/**\n * Apply next.config.js response headers to an App Router response.\n *\n * Called once per request in the outer handler() wrapper, after all route\n * handling, so that every response path (page, route handler, server action,\n * metadata, not-found) gets headers applied consistently.\n *\n * Skips 3xx redirect responses. Response.redirect() creates immutable\n * headers that throw on mutation, and Next.js does not apply config headers\n * to redirects regardless.\n */\nexport function finalizeAppRscResponse(\n response: Response,\n request: Request,\n options: FinalizeAppRscResponseOptions,\n): Response {\n // 3xx responses: Response.redirect() headers are immutable (throws on write),\n // and Next.js deliberately excludes config headers from redirect responses.\n if (response.status >= 300 && response.status < 400) {\n return response;\n }\n\n if (!options.configHeaders.length) {\n return response;\n }\n\n const url = new URL(request.url);\n let pathname: string;\n try {\n pathname = normalizePath(normalizePathnameForRouteMatch(url.pathname));\n } catch {\n // Malformed percent-encoding. The request reached this point only because\n // normalizePathnameForRouteMatchStrict ran earlier and returned 400 for\n // truly-malformed paths. This catch exists as a safety net for edge cases;\n // keep the historical raw-path fallback rather than crashing the response.\n pathname = url.pathname;\n }\n\n // Config header sources are defined without basePath prefix. Strip basePath\n // at a segment boundary (not a string prefix) so /app2/page with basePath\n // /app is not incorrectly treated as /app with suffix /2/page.\n pathname = stripBasePath(pathname, options.basePath);\n\n applyConfigHeadersToResponse(response.headers, {\n configHeaders: options.configHeaders,\n pathname,\n requestContext: options.requestContext,\n });\n\n return response;\n}\n"],"mappings":";;;;;;;;;;;;;;;;AA8BA,SAAgB,uBACd,UACA,SACA,SACU;AAGV,KAAI,SAAS,UAAU,OAAO,SAAS,SAAS,IAC9C,QAAO;AAGT,KAAI,CAAC,QAAQ,cAAc,OACzB,QAAO;CAGT,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAChC,IAAI;AACJ,KAAI;AACF,aAAW,cAAc,+BAA+B,IAAI,SAAS,CAAC;SAChE;AAKN,aAAW,IAAI;;AAMjB,YAAW,cAAc,UAAU,QAAQ,SAAS;AAEpD,8BAA6B,SAAS,SAAS;EAC7C,eAAe,QAAQ;EACvB;EACA,gBAAgB,QAAQ;EACzB,CAAC;AAEF,QAAO"}