next.js icon indicating copy to clipboard operation
next.js copied to clipboard
Published 3 weeks ago verified publisher icon vercel

Rewrite does not set the correct x-forwarded-host in Vercel

Open hector opened this issue 1 year ago • 0 comments

Link to the code that reproduces this issue

https://github.com/hector/middleware-web

To Reproduce

The basic code to trigger this bus is simply to use a rewrite in the middleware of Next.js like this:

return NextResponse.rewrite(url, { request: req });

If you click on this link https://middleware-web.vercel.app/?rewrite=https://request-headers-web.vercel.app/ you are reproducing this issue. This is what is happening:

We are accessing the website https://middleware-web.vercel.app/, which will do a rewrite in the middleware for the url written in the query param "rewrite" We are pointing the rewrite to https://request-headers-web.vercel.app/ which is a website that simply prints the request headers it receives Code of https://middleware-web.vercel.app/ is public in this repo https://github.com/hector/middleware-web Code of https://request-headers-web.vercel.app/ is public in this repo https://github.com/hector/request-headers-web

Current vs. Expected behavior

I would expect to receive the following headers in https://request-headers-web.vercel.app/ server:

host: request-headers-web.vercel.app x-forwarded-host: middleware-web.vercel.app This is what I is actually received (it is printed in the page and can be easily seen):

host: request-headers-web.vercel.app x-forwarded-host: request-headers-web.vercel.app The header x-forwarded-host is not set to the original host before the rewrite. MDN Reference here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host.

Provide environment information

Operating System:
  Platform: darwin
  Arch: arm64
  Version: Darwin Kernel Version 22.6.0: Mon Apr 22 20:51:27 PDT 2024; root:xnu-8796.141.3.705.2~1/RELEASE_ARM64_T6020
  Available memory (MB): 16384
  Available CPU cores: 10
Binaries:
  Node: 20.13.1
  npm: 10.5.2
  Yarn: 1.22.22
  pnpm: 9.3.0
Relevant Packages:
  next: 15.0.0-canary.54 // Latest available version is detected (15.0.0-canary.54).
  eslint-config-next: N/A
  react: 19.0.0-rc-6f23540c7d-20240528
  react-dom: 19.0.0-rc-6f23540c7d-20240528
  typescript: 5.3.3
Next.js Config:
  output: N/A

Which area(s) are affected? (Select all that apply)

Middleware

Which stage(s) are affected? (Select all that apply)

Vercel (Deployed)

Additional context

No response

hector avatar Jul 04 '24 18:07 hector