Error: Invalid argument: Looks like you're calling Next.js Middleware with cookie reserved for internal use.

[steve-marmalade]

FYI I am seeing the following error after calling redirect in a server action in v13.5.7-canary.29

Unhandled authentication error {
  error:  [Error: Invalid argument: Looks like you're calling Next.js Middleware with cookie reserved for internal use. Please remove x-next-firebase-auth-edge-verified from request cookies.] {
  code: 'INVALID_ARGUMENT'
}

I can help debug later, but figured I'd let you know ASAP in case it's helpful :pray:

[steve-marmalade]

Adding a little additional context:

Observed behavior: as a result of this issue, the auth error would put the application into an unauthenticated state. Refreshing the page would restore authentication state, since the client-side library would be able to send the token to the middleware.

Workaround: by simply following the instructions in the error message and removing the cookie before redirecting, my application is behaving as expected.

  cookies().delete("x-next-firebase-auth-edge-verified");

[awinogrodzki]

Hey @steve-marmalade ! Thanks for reporting.

x-next-firebase-auth-edge-verified is used for middleware verification caching. We check if the token was verified in Middleware to skip the verification inside API routes or pages.

It seems that in canary version, Next.js restricted the use of custom headers. I will address that soon.

[awinogrodzki]

Hey @steve-marmalade! It seems that the error does no longer appear in 13.5.7-canary.37. Could you verify?

[abusada]

I'm on

"next": "14.0.1",
"next-firebase-auth-edge": "^0.10.0",

and facing the same issue.

[awinogrodzki]

@abusada @steve-marmalade the issue is fixed in next-firebase-auth-edge@0.10.1