search

vercel / next.js

The React Framework
https://nextjs.org
MIT License
124.96k stars 26.69k forks source link

[Pages Router] - Middleware breaks URL masking #55208

Open ValenCassa opened 1 year ago

ValenCassa commented 1 year ago

Link to the code that reproduces this issue or a replay of the bug

https://codesandbox.io/p/github/ValenCassa/bug-next/main?file=/middleware.ts:1,1

To Reproduce

  1. Start the application in development
  2. Click on the link
  3. Remove the middleware file
  4. Try again

Current vs. Expected behavior

Current behavior: When using middleware, the link redirects you to whatever the as prop has been set to instead of browsing to the href and masking the URL. Expected behavior: The link should should browse to the href and mask the URL based on the as prop.

Verify canary release

Provide environment information

Operating System:
      Platform: darwin
      Arch: arm64
      Version: Darwin Kernel Version 22.5.0: Mon Apr 24 20:40:17 PDT 2023; root:xnu-8796.121.2~3/RELEASE_ARM64_T8112
    Binaries:
      Node: 20.5.0
      npm: 9.8.0
      Yarn: N/A
      pnpm: N/A
    Relevant Packages:
      next: 13.4.20-canary.23
      eslint-config-next: N/A
      react: 18.2.0
      react-dom: 18.2.0
      typescript: 5.1.3
    Next.js Config:
      output: N/A

Which area(s) are affected? (Select all that apply)

Middleware / Edge (API routes, runtime), Routing (next/router, next/navigation, next/link)

Additional context

I spent several hours trying to debug what was causing the issue and was going crazy. It seems the nextUrl from the request object is returning the pathname as /test/1?id=1, so it's actually appending both whatever you're using for the as prop and the href. I tried setting the pathname manually too with no success.

vincent-aviva commented 1 year ago

We tried to implement CSP through middleware and bumped into the exact same issue. For now we did CSP in a hacky way so hopefully this issue can be solved so we can use the preferred way using middleware again.

Curious of the response from Next

ivialyi-abi commented 1 year ago

Same issue. I have a middleware for securing unauthorized routes + handle some redirects.

Now I was trying to implement a basic modal opening logic (without client-side components) based on usage of Link with "href" that appends open searchParam, and "as" prop that masks the url so that searchParam is not visible in the browser's address bar.

However, this issue prevents to implement that basic scenario :(