Skip to content

Commit

Permalink
fix(nosecone-next): Avoid overriding original headers
Browse files Browse the repository at this point in the history
  • Loading branch information
blaine-arcjet committed Nov 19, 2024
1 parent 2e66f84 commit 2547305
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 24 deletions.
7 changes: 7 additions & 0 deletions examples/nextjs-bot-categories/app/api/arcjet/route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,13 @@ const aj = arcjet({
export async function GET(req: Request) {
const decision = await aj.protect(req);

if (decision.isErrored()) {
return NextResponse.json(
{ error: decision.reason.message },
{ status: 500, statusText: "Internal Server Error" },
)
}

const headers = new Headers();
if (decision.reason.isBot()) {
// WARNING: This is illustrative! Don't share this metadata with users;
Expand Down
8 changes: 8 additions & 0 deletions examples/nextjs-bot-categories/middleware.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
import { createMiddleware } from "@nosecone/next";

export const config = {
// matcher tells Next.js which routes to run the middleware on
matcher: ["/(.*)"],
};

export default createMiddleware();
30 changes: 6 additions & 24 deletions nosecone-next/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -66,29 +66,6 @@ function applyNextDefaults(options: NoseconeOptions): NoseconeOptions {
};
}

// Setting specific headers is the way that Next.js implements middleware
// See: https://github.com/vercel/next.js/blob/5c45d58cd058a9683e435fd3a1a9b8fede8376c3/packages/next/src/server/web/spec-extension/response.ts#L148
function nextMiddlewareHeaders(
headers: Record<string, string>,
): Record<string, string> {
const forwardedHeaders: Record<string, string> = {
"x-middleware-next": "1",
};

// This applies the logic to forward headers from Next.js middleware
// https://github.com/vercel/next.js/blob/5c45d58cd058a9683e435fd3a1a9b8fede8376c3/packages/next/src/server/web/spec-extension/response.ts#L22-L27
for (const [headerName, headerValue] of Object.entries(headers)) {
if (typeof headerValue !== "string") {
throw new Error(`impossible: missing value for ${headerName}`);
}
forwardedHeaders[`x-middleware-request-${headerName}`] = headerValue;
}
forwardedHeaders["x-middleware-override-headers"] =
Object.keys(headers).join(",");

return forwardedHeaders;
}

/**
* Create Next.js middleware that sets secure headers on every request.
*
Expand All @@ -103,7 +80,12 @@ export function createMiddleware(options: NoseconeOptions = defaults) {
return new Response(null, {
headers: {
...headers,
...nextMiddlewareHeaders(headers),
// Setting this specific header is the way that Next.js implements
// middleware. See:
// https://github.com/vercel/next.js/blob/5c45d58cd058a9683e435fd3a1a9b8fede8376c3/packages/next/src/server/web/spec-extension/response.ts#L148
// Note: we don't create the `x-middleware-override-headers` header so
// the original headers pass through
"x-middleware-next": "1",
},
});
};
Expand Down

0 comments on commit 2547305

Please sign in to comment.