search

sst / open-next

Open source Next.js serverless adapter
https://open-next.js.org
MIT License
3.7k stars 111 forks source link

fix(edge): remove read-only and blacklisted headers from cloudfront response #393

Closed lucasvieirasilva closed 3 months ago

lucasvieirasilva commented 3 months ago

This PR changes the CloudFront event mapper to remove blacklisted and read-only headers from the CloudFront response.

Reason

When a server action is called Next.js tries to set the Keep-alive header which it can't be provided in the CloudFront Lambda Edge.

That returns the following response

Status Code: 502

Response:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>502 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
The Lambda function result failed validation: The function tried to add a blacklisted header.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: gaOBxQLbSxm0GXcyaL7XMbBVwaAzyQpZ9XhoBm0i2ZBOWn9SZk303g==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

Solution

There's an AWS document that lists all the blacklisted and read-only headers

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-function-restrictions-all.html#function-restrictions-headers

Based on this doc, I've changed the event-mapper to remove those headers from the response.

References

392

changeset-bot[bot] commented 3 months ago

🦋 Changeset detected

Latest commit: 4ae591e0bf7616855e385b6fd1427ee0faaed4e2

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages | Name | Type | | ---------------- | ----- | | open-next | Patch | | app-pages-router | Patch | | app-router | Patch | | tests-unit | Patch |

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

vercel[bot] commented 3 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
open-next ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 1, 2024 11:05am
khuezy commented 3 months ago

Thanks for the report and PR! Just 1 minor nit wrt the logging.

lucasvieirasilva commented 3 months ago

Thanks @khuezy I've replaced the console.log to debug.

lucasvieirasilva commented 3 months ago

@conico974 I've made all the changes you requested