Skip to content

[Backport v14] add additional x-middleware-set-cookie filtering (#75561) #75870

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 10, 2025
Merged

[Backport v14] add additional x-middleware-set-cookie filtering (#75561) #75870

merged 3 commits into from
Feb 10, 2025

Conversation

ztanner
Copy link
Member

@ztanner ztanner commented Feb 10, 2025
edited
Loading

@ztanner
add additional x-middleware-set-cookie filtering (#75561)
15ce690 
Previously when we removed this from the response we only did so for
requests that flowed through middleware and static handlers. We should
ensure it's filtered in `sendResponse` as well. The header is only
needed internally.
@ijjk
Copy link
Member

ijjk commented Feb 10, 2025
edited
Loading

Tests Passed

@ijjk
Copy link
Member

ijjk commented Feb 10, 2025
edited
Loading

Stats from current PR

Default Build
General Overall increase ⚠️
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
buildDuration 15.7s 14s N/A
buildDurationCached 7.6s 6.8s N/A
nodeModulesSize 201 MB 201 MB ⚠️ +17.1 kB
nextStartRea..uration (ms) 366ms 360ms N/A
Client Bundles (main, webpack)
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
1a9f679d-HASH.js gzip 53.7 kB 53.7 kB
5428.HASH.js gzip 181 B 180 B N/A
6067-HASH.js gzip 5.14 kB 5.14 kB
6428-HASH.js gzip 31.6 kB 31.6 kB N/A
framework-HASH.js gzip 44.9 kB 44.9 kB
main-app-HASH.js gzip 241 B 245 B N/A
main-HASH.js gzip 32.3 kB 32.3 kB N/A
webpack-HASH.js gzip 1.68 kB 1.68 kB N/A
Overall change 104 kB 104 kB
Legacy Client Bundles (polyfills)
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
polyfills-HASH.js gzip 39.4 kB 39.4 kB
Overall change 39.4 kB 39.4 kB
Client Pages
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
_app-HASH.js gzip 196 B 196 B
_error-HASH.js gzip 184 B 185 B N/A
amp-HASH.js gzip 502 B 504 B N/A
css-HASH.js gzip 321 B 324 B N/A
dynamic-HASH.js gzip 1.82 kB 1.82 kB N/A
edge-ssr-HASH.js gzip 258 B 257 B N/A
head-HASH.js gzip 352 B 352 B
hooks-HASH.js gzip 371 B 372 B N/A
image-HASH.js gzip 4.32 kB 4.32 kB N/A
index-HASH.js gzip 259 B 257 B N/A
link-HASH.js gzip 2.67 kB 2.68 kB N/A
routerDirect..HASH.js gzip 316 B 314 B N/A
script-HASH.js gzip 385 B 386 B N/A
withRouter-HASH.js gzip 311 B 310 B N/A
1afbb74e6ecf..834.css gzip 106 B 106 B
Overall change 654 B 654 B
Client Build Manifests
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
_buildManifest.js gzip 484 B 481 B N/A
Overall change 0 B 0 B
Rendered Page Sizes
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
index.html gzip 527 B 527 B
link.html gzip 541 B 539 B N/A
withRouter.html gzip 522 B 523 B N/A
Overall change 527 B 527 B
Edge SSR bundle Size
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
edge-ssr.js gzip 95.6 kB 95.6 kB N/A
page.js gzip 3.06 kB 3.06 kB N/A
Overall change 0 B 0 B
Middleware size
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
middleware-b..fest.js gzip 659 B 655 B N/A
middleware-r..fest.js gzip 156 B 154 B N/A
middleware.js gzip 25.5 kB 25.5 kB N/A
edge-runtime..pack.js gzip 839 B 839 B
Overall change 839 B 839 B
Next Runtimes
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
app-page-exp...dev.js gzip 172 kB 172 kB
app-page-exp..prod.js gzip 98.4 kB 98.4 kB
app-page-tur..prod.js gzip 100 kB 100 kB
app-page-tur..prod.js gzip 94.4 kB 94.4 kB
app-page.run...dev.js gzip 146 kB 146 kB
app-page.run..prod.js gzip 92.9 kB 92.9 kB
app-route-ex...dev.js gzip 22.6 kB 22.6 kB
app-route-ex..prod.js gzip 16 kB 16 kB
app-route-tu..prod.js gzip 16 kB 16 kB
app-route-tu..prod.js gzip 15.7 kB 15.7 kB
app-route.ru...dev.js gzip 22.2 kB 22.2 kB
app-route.ru..prod.js gzip 15.7 kB 15.7 kB
pages-api-tu..prod.js gzip 9.58 kB 9.58 kB
pages-api.ru...dev.js gzip 9.85 kB 9.85 kB
pages-api.ru..prod.js gzip 9.57 kB 9.57 kB
pages-turbo...prod.js gzip 22.5 kB 22.5 kB
pages.runtim...dev.js gzip 23.2 kB 23.2 kB
pages.runtim..prod.js gzip 22.5 kB 22.5 kB
server.runti..prod.js gzip 51.8 kB 51.8 kB N/A
Overall change 909 kB 909 kB
build cache
vercel/next.js 14-2-1 vercel/next.js backport-14/98d4bba Change
0.pack gzip 1.63 MB 1.63 MB N/A
index.pack gzip 113 kB 113 kB N/A
Overall change 0 B 0 B
Diff details
Diff for middleware.js

Diff too large to display

Diff for edge-ssr.js

Diff too large to display

Diff for server.runtime.prod.js

Diff too large to display

Commit: 7699908

@ztanner ztanner marked this pull request as ready for review February 10, 2025 17:15
@ztanner ztanner requested a review from ijjk February 10, 2025 17:16
ztanner and others added 2 commits February 10, 2025 10:49
@ztanner
add test
4dfd958
@ztanner @ijjk
remove unnecessary internal middleware header from response (#73482)
7699908 
x-middleware-set-cookie is an internal header used by the middleware
handler and doesn't need to be forwarded onto the response.

this also adds handling to filter out internal request headers as they
aren't intended to be used externally.

---------

Co-authored-by: JJ Kasper <[email protected]>
@ztanner ztanner merged commit 5791cb6 into 14-2-1 Feb 10, 2025
51 of 56 checks passed
@ztanner ztanner deleted the backport-14/98d4bba branch February 10, 2025 19:13
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 25, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ijjk ijjk ijjk approved these changes

Assignees
No one assigned
Labels
created-by: Next.js team PRs by the Next.js team. locked tests type: next
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ztanner @ijjk