diff --git a/packages/next/src/build/utils.ts b/packages/next/src/build/utils.ts index 203557b34246e..13dfb63d28daa 100644 --- a/packages/next/src/build/utils.ts +++ b/packages/next/src/build/utils.ts @@ -1367,7 +1367,7 @@ export async function buildAppStaticPaths({ return StaticGenerationAsyncStorageWrapper.wrap( ComponentMod.staticGenerationAsyncStorage, { - urlPathname: page, + url: { pathname: page }, renderOpts: { originalPathname: page, incrementalCache, diff --git a/packages/next/src/client/components/static-generation-async-storage.external.ts b/packages/next/src/client/components/static-generation-async-storage.external.ts index 62a7b2c04490e..6ed246b8497a8 100644 --- a/packages/next/src/client/components/static-generation-async-storage.external.ts +++ b/packages/next/src/client/components/static-generation-async-storage.external.ts @@ -13,7 +13,11 @@ import { staticGenerationAsyncStorage } from './static-generation-async-storage- export interface StaticGenerationStore { readonly isStaticGeneration: boolean readonly pagePath?: string - readonly urlPathname: string + /** + * The URL of the request. This only specifies the pathname and the search + * part of the URL. The other parts aren't accepted so they shouldn't be used. + */ + readonly url: { readonly pathname: string; readonly search: string } readonly incrementalCache?: IncrementalCache readonly isOnDemandRevalidate?: boolean readonly isPrerendering?: boolean diff --git a/packages/next/src/lib/metadata/metadata.tsx b/packages/next/src/lib/metadata/metadata.tsx index 35be61e61b74b..c4e3c16bee950 100644 --- a/packages/next/src/lib/metadata/metadata.tsx +++ b/packages/next/src/lib/metadata/metadata.tsx @@ -58,8 +58,7 @@ export function createMetadataComponents({ ) => ParsedUrlQuery }): [React.ComponentType, React.ComponentType] { const metadataContext = { - // Make sure the pathname without query string - pathname: pathname.split('?')[0], + pathname, trailingSlash, } diff --git a/packages/next/src/lib/url.ts b/packages/next/src/lib/url.ts index 7daf240b00f49..f5969c1019449 100644 --- a/packages/next/src/lib/url.ts +++ b/packages/next/src/lib/url.ts @@ -1,14 +1,6 @@ import { NEXT_RSC_UNION_QUERY } from '../client/components/app-router-headers' -export const DUMMY_ORIGIN = 'http://n' - -function getUrlWithoutHost(url: string) { - return new URL(url, DUMMY_ORIGIN) -} - -export function getPathname(url: string) { - return getUrlWithoutHost(url).pathname -} +const DUMMY_ORIGIN = 'http://n' export function isFullStringUrl(url: string) { return /https?:\/\//.test(url) diff --git a/packages/next/src/server/app-render/app-render.tsx b/packages/next/src/server/app-render/app-render.tsx index 4c34aa849c75e..238de1b25580c 100644 --- a/packages/next/src/server/app-render/app-render.tsx +++ b/packages/next/src/server/app-render/app-render.tsx @@ -67,7 +67,6 @@ import { import { getSegmentParam } from './get-segment-param' import { getScriptNonceFromHeader } from './get-script-nonce-from-header' import { parseAndValidateFlightRouterState } from './parse-and-validate-flight-router-state' -import { validateURL } from './validate-url' import { createFlightRouterStateFromLoaderTree } from './create-flight-router-state-from-loader-tree' import { handleAction } from './action-handler' import { isBailoutToCSRError } from '../../shared/lib/lazy-dynamic/bailout-to-csr' @@ -110,6 +109,7 @@ import { import { createServerModuleMap } from './action-utils' import { isNodeNextRequest } from '../base-http/helpers' import { parseParameter } from '../../shared/lib/router/utils/route-regex' +import { parseRelativeUrl } from '../../shared/lib/router/utils/parse-relative-url' export type GetDynamicParamFromSegment = ( // [slug] / [[slug]] / [...slug] @@ -312,7 +312,7 @@ async function generateFlight( }, getDynamicParamFromSegment, appUsingSizeAdjustment, - staticGenerationStore: { urlPathname }, + staticGenerationStore: { url }, query, requestId, flightRouterState, @@ -321,7 +321,7 @@ async function generateFlight( if (!options?.skipFlight) { const [MetadataTree, MetadataOutlet] = createMetadataComponents({ tree: loaderTree, - pathname: urlPathname, + pathname: url.pathname, trailingSlash: ctx.renderOpts.trailingSlash, query, getDynamicParamFromSegment, @@ -434,7 +434,7 @@ async function ReactServerApp({ tree, ctx, asNotFound }: ReactServerAppProps) { GlobalError, createDynamicallyTrackedSearchParams, }, - staticGenerationStore: { urlPathname }, + staticGenerationStore: { url }, } = ctx const initialTree = createFlightRouterStateFromLoaderTree( tree, @@ -445,7 +445,7 @@ async function ReactServerApp({ tree, ctx, asNotFound }: ReactServerAppProps) { const [MetadataTree, MetadataOutlet] = createMetadataComponents({ tree, errorType: asNotFound ? 'not-found' : undefined, - pathname: urlPathname, + pathname: url.pathname, trailingSlash: ctx.renderOpts.trailingSlash, query, getDynamicParamFromSegment: getDynamicParamFromSegment, @@ -481,7 +481,7 @@ async function ReactServerApp({ tree, ctx, asNotFound }: ReactServerAppProps) { { - const { pathname } = validateURL(req.url) + if (!req.url) { + throw new Error('Invalid URL') + } + + const url = parseRelativeUrl(req.url, undefined, false) return RequestAsyncStorageWrapper.wrap( renderOpts.ComponentMod.requestAsyncStorage, @@ -1482,7 +1486,7 @@ export const renderToHTMLOrFlight: AppPageRender = ( StaticGenerationAsyncStorageWrapper.wrap( renderOpts.ComponentMod.staticGenerationAsyncStorage, { - urlPathname: pathname, + url, renderOpts, requestEndedState: { ended: false }, }, diff --git a/packages/next/src/server/app-render/create-component-tree.tsx b/packages/next/src/server/app-render/create-component-tree.tsx index 37dcc63261152..0241cd91dcdc9 100644 --- a/packages/next/src/server/app-render/create-component-tree.tsx +++ b/packages/next/src/server/app-render/create-component-tree.tsx @@ -229,7 +229,7 @@ async function createComponentTreeInternal({ if (typeof layoutOrPageMod?.revalidate !== 'undefined') { validateRevalidate( layoutOrPageMod?.revalidate, - staticGenerationStore.urlPathname + staticGenerationStore.url.pathname ) } @@ -539,7 +539,7 @@ async function createComponentTreeInternal({ , loadingData, ], diff --git a/packages/next/src/server/app-render/dynamic-rendering.ts b/packages/next/src/server/app-render/dynamic-rendering.ts index c818783184fce..7a247bed95120 100644 --- a/packages/next/src/server/app-render/dynamic-rendering.ts +++ b/packages/next/src/server/app-render/dynamic-rendering.ts @@ -26,7 +26,6 @@ import React from 'react' import type { StaticGenerationStore } from '../../client/components/static-generation-async-storage.external' import { DynamicServerError } from '../../client/components/hooks-server-context' import { StaticGenBailoutError } from '../../client/components/static-generation-bailout' -import { getPathname } from '../../lib/url' const hasPostpone = typeof React.unstable_postpone === 'function' @@ -76,7 +75,7 @@ export function markCurrentScopeAsDynamic( store: StaticGenerationStore, expression: string ): void { - const pathname = getPathname(store.urlPathname) + const { pathname } = store.url if (store.isUnstableCacheCallback) { // inside cache scopes marking a scope as dynamic has no effect because the outer cache scope // creates a cache boundary. This is subtly different from reading a dynamic data source which is @@ -123,7 +122,7 @@ export function trackDynamicDataAccessed( store: StaticGenerationStore, expression: string ): void { - const pathname = getPathname(store.urlPathname) + const { pathname } = store.url if (store.isUnstableCacheCallback) { throw new Error( `Route ${pathname} used "${expression}" inside a function cached with "unstable_cache(...)". Accessing Dynamic data sources inside a cache scope is not supported. If you need this data inside a cached function use "${expression}" outside of the cached function and pass the required dynamic data in as an argument. See more info here: https://nextjs.org/docs/app/api-reference/functions/unstable_cache` @@ -184,7 +183,7 @@ export function trackDynamicFetch( // don't need to postpone. if (!store.prerenderState || store.isUnstableCacheCallback) return - postponeWithTracking(store.prerenderState, expression, store.urlPathname) + postponeWithTracking(store.prerenderState, expression, store.url.pathname) } function postponeWithTracking( diff --git a/packages/next/src/server/app-render/validate-url.test.ts b/packages/next/src/server/app-render/validate-url.test.ts deleted file mode 100644 index 4415965c8fb74..0000000000000 --- a/packages/next/src/server/app-render/validate-url.test.ts +++ /dev/null @@ -1,13 +0,0 @@ -import { validateURL } from './validate-url' - -describe('validateUrl', () => { - it('should return valid pathname', () => { - expect(validateURL('/').pathname).toBe('/') - expect(validateURL('/abc').pathname).toBe('/abc') - }) - - it('should throw for invalid pathname', () => { - expect(() => validateURL('//**y/\\')).toThrow() - expect(() => validateURL('//google.com')).toThrow() - }) -}) diff --git a/packages/next/src/server/app-render/validate-url.ts b/packages/next/src/server/app-render/validate-url.ts deleted file mode 100644 index 723442ec4f9fb..0000000000000 --- a/packages/next/src/server/app-render/validate-url.ts +++ /dev/null @@ -1,18 +0,0 @@ -const DUMMY_ORIGIN = 'http://n' -const INVALID_URL_MESSAGE = 'Invalid request URL' - -export function validateURL(url: string | undefined): URL { - if (!url) { - throw new Error(INVALID_URL_MESSAGE) - } - try { - const parsed = new URL(url, DUMMY_ORIGIN) - // Avoid origin change by extra slashes in pathname - if (parsed.origin !== DUMMY_ORIGIN) { - throw new Error(INVALID_URL_MESSAGE) - } - return parsed - } catch { - throw new Error(INVALID_URL_MESSAGE) - } -} diff --git a/packages/next/src/server/async-storage/static-generation-async-storage-wrapper.ts b/packages/next/src/server/async-storage/static-generation-async-storage-wrapper.ts index bbe9d42e1bb86..c090c43984cdd 100644 --- a/packages/next/src/server/async-storage/static-generation-async-storage-wrapper.ts +++ b/packages/next/src/server/async-storage/static-generation-async-storage-wrapper.ts @@ -8,7 +8,11 @@ import { createPrerenderState } from '../../server/app-render/dynamic-rendering' import type { FetchMetric } from '../base-http' export type StaticGenerationContext = { - urlPathname: string + /** + * The URL of the request. This only specifies the pathname and the search + * part of the URL. The other parts aren't accepted so they shouldn't be used. + */ + url: { pathname: string; search?: string } requestEndedState?: { ended?: boolean } renderOpts: { incrementalCache?: IncrementalCache @@ -51,7 +55,7 @@ export const StaticGenerationAsyncStorageWrapper: AsyncStorageWrapper< > = { wrap( storage: AsyncLocalStorage, - { urlPathname, renderOpts, requestEndedState }: StaticGenerationContext, + { url, renderOpts, requestEndedState }: StaticGenerationContext, callback: (store: StaticGenerationStore) => Result ): Result { /** @@ -83,7 +87,13 @@ export const StaticGenerationAsyncStorageWrapper: AsyncStorageWrapper< const store: StaticGenerationStore = { isStaticGeneration, - urlPathname, + // Rather than just using the whole `url` here, we pull the parts we want + // to ensure we don't use parts of the URL that we shouldn't. This also + // lets us avoid requiring an empty string for `search` in the type. + url: { + pathname: url.pathname, + search: url.search ?? '', + }, pagePath: renderOpts.originalPathname, incrementalCache: // we fallback to a global incremental cache for edge-runtime locally diff --git a/packages/next/src/server/future/route-modules/app-route/module.ts b/packages/next/src/server/future/route-modules/app-route/module.ts index 10671285fa829..cfb37d03a7ce1 100644 --- a/packages/next/src/server/future/route-modules/app-route/module.ts +++ b/packages/next/src/server/future/route-modules/app-route/module.ts @@ -257,7 +257,7 @@ export class AppRouteRouteModule extends RouteModule< // Get the context for the static generation. const staticGenerationContext: StaticGenerationContext = { - urlPathname: rawRequest.nextUrl.pathname, + url: rawRequest.nextUrl, renderOpts: context.renderOpts, } diff --git a/packages/next/src/server/lib/patch-fetch.ts b/packages/next/src/server/lib/patch-fetch.ts index ac95be913d426..20bfea528c97b 100644 --- a/packages/next/src/server/lib/patch-fetch.ts +++ b/packages/next/src/server/lib/patch-fetch.ts @@ -129,7 +129,10 @@ const getDerivedTags = (pathname: string): string[] => { export function addImplicitTags(staticGenerationStore: StaticGenerationStore) { const newTags: string[] = [] - const { pagePath, urlPathname } = staticGenerationStore + const { + pagePath, + url: { pathname }, + } = staticGenerationStore if (!Array.isArray(staticGenerationStore.tags)) { staticGenerationStore.tags = [] @@ -147,10 +150,8 @@ export function addImplicitTags(staticGenerationStore: StaticGenerationStore) { } } - if (urlPathname) { - const parsedPathname = new URL(urlPathname, 'http://n').pathname - - const tag = `${NEXT_CACHE_IMPLICIT_TAG_ID}${parsedPathname}` + if (pathname) { + const tag = `${NEXT_CACHE_IMPLICIT_TAG_ID}${pathname}` if (!staticGenerationStore.tags?.includes(tag)) { staticGenerationStore.tags.push(tag) } @@ -331,7 +332,7 @@ function createPatchedFetcher( // we only want to warn if the user is explicitly setting a cache value if (!(isRequestInput && _cache === 'default')) { Log.warn( - `fetch for ${fetchUrl} on ${staticGenerationStore.urlPathname} specified "cache: ${_cache}" and "revalidate: ${curRevalidate}", only one should be specified.` + `fetch for ${fetchUrl} on ${staticGenerationStore.url.pathname} specified "cache: ${_cache}" and "revalidate: ${curRevalidate}", only one should be specified.` ) } _cache = undefined @@ -360,7 +361,7 @@ function createPatchedFetcher( revalidate = validateRevalidate( curRevalidate, - staticGenerationStore.urlPathname + staticGenerationStore.url.pathname ) const _headers = getRequestMeta('headers') @@ -686,8 +687,8 @@ function createPatchedFetcher( if (!staticGenerationStore.forceStatic && cache === 'no-store') { const dynamicUsageReason = `no-store fetch ${input}${ - staticGenerationStore.urlPathname - ? ` ${staticGenerationStore.urlPathname}` + staticGenerationStore.url.pathname + ? ` ${staticGenerationStore.url.pathname}` : '' }` @@ -722,8 +723,8 @@ function createPatchedFetcher( next.revalidate === 0 ) { const dynamicUsageReason = `revalidate: 0 fetch ${input}${ - staticGenerationStore.urlPathname - ? ` ${staticGenerationStore.urlPathname}` + staticGenerationStore.url.pathname + ? ` ${staticGenerationStore.url.pathname}` : '' }` diff --git a/packages/next/src/server/web/spec-extension/revalidate.ts b/packages/next/src/server/web/spec-extension/revalidate.ts index 00996c7d188f2..93e93bff4777a 100644 --- a/packages/next/src/server/web/spec-extension/revalidate.ts +++ b/packages/next/src/server/web/spec-extension/revalidate.ts @@ -4,7 +4,6 @@ import { NEXT_CACHE_IMPLICIT_TAG_ID, NEXT_CACHE_SOFT_TAG_MAX_LENGTH, } from '../../../lib/constants' -import { getPathname } from '../../../lib/url' import { staticGenerationAsyncStorage } from '../../../client/components/static-generation-async-storage.external' /** @@ -51,9 +50,7 @@ function revalidate(tag: string, expression: string) { if (store.isUnstableCacheCallback) { throw new Error( - `Route ${getPathname( - store.urlPathname - )} used "${expression}" inside a function cached with "unstable_cache(...)" which is unsupported. To ensure revalidation is performed consistently it must always happen outside of renders and cached functions. See more info here: https://nextjs.org/docs/app/building-your-application/rendering/static-and-dynamic#dynamic-rendering` + `Route ${store.url.pathname} used "${expression}" inside a function cached with "unstable_cache(...)" which is unsupported. To ensure revalidation is performed consistently it must always happen outside of renders and cached functions. See more info here: https://nextjs.org/docs/app/building-your-application/rendering/static-and-dynamic#dynamic-rendering` ) } diff --git a/packages/next/src/server/web/spec-extension/unstable-cache.ts b/packages/next/src/server/web/spec-extension/unstable-cache.ts index e700985c71453..8e670ad46abdb 100644 --- a/packages/next/src/server/web/spec-extension/unstable-cache.ts +++ b/packages/next/src/server/web/spec-extension/unstable-cache.ts @@ -305,7 +305,7 @@ export function unstable_cache( // when the unstable_cache call is revalidated fetchCache: 'force-no-store', isUnstableCacheCallback: true, - urlPathname: '/', + url: { pathname: '/', search: '' }, isStaticGeneration: false, prerenderState: null, }, diff --git a/packages/next/src/shared/lib/router/utils/parse-relative-url.test.ts b/packages/next/src/shared/lib/router/utils/parse-relative-url.test.ts new file mode 100644 index 0000000000000..8c71acfda0b83 --- /dev/null +++ b/packages/next/src/shared/lib/router/utils/parse-relative-url.test.ts @@ -0,0 +1,20 @@ +import { parseRelativeUrl } from './parse-relative-url' + +describe('relative urls', () => { + it('should return valid pathname', () => { + expect(parseRelativeUrl('/').pathname).toBe('/') + expect(parseRelativeUrl('/abc').pathname).toBe('/abc') + }) + + it('should throw for invalid pathname', () => { + expect(() => parseRelativeUrl('//**y/\\')).toThrow() + expect(() => parseRelativeUrl('//google.com')).toThrow() + }) +}) + +describe('query parsing', () => { + it('should parse query string', () => { + expect(parseRelativeUrl('/?a=1&b=2').query).toEqual({ a: '1', b: '2' }) + expect(parseRelativeUrl('/').query).toEqual({}) + }) +}) diff --git a/packages/next/src/shared/lib/router/utils/parse-relative-url.ts b/packages/next/src/shared/lib/router/utils/parse-relative-url.ts index eb3ccedf6d1f2..bb1b757225578 100644 --- a/packages/next/src/shared/lib/router/utils/parse-relative-url.ts +++ b/packages/next/src/shared/lib/router/utils/parse-relative-url.ts @@ -18,8 +18,19 @@ export interface ParsedRelativeUrl { */ export function parseRelativeUrl( url: string, - base?: string -): ParsedRelativeUrl { + base?: string, + parseQuery?: true +): ParsedRelativeUrl +export function parseRelativeUrl( + url: string, + base: string | undefined, + parseQuery: false +): Omit +export function parseRelativeUrl( + url: string, + base?: string, + parseQuery = true +): ParsedRelativeUrl | Omit { const globalBase = new URL( typeof window === 'undefined' ? 'http://n' : getLocationOrigin() ) @@ -34,14 +45,16 @@ export function parseRelativeUrl( url, resolvedBase ) + if (origin !== globalBase.origin) { throw new Error(`invariant: invalid relative URL, router received ${url}`) } + return { pathname, - query: searchParamsToUrlQuery(searchParams), + query: parseQuery ? searchParamsToUrlQuery(searchParams) : undefined, search, hash, - href: href.slice(globalBase.origin.length), + href: href.slice(origin.length), } } diff --git a/packages/next/src/shared/lib/router/utils/resolve-rewrites.ts b/packages/next/src/shared/lib/router/utils/resolve-rewrites.ts index c886a718d6004..4c1bb545147b6 100644 --- a/packages/next/src/shared/lib/router/utils/resolve-rewrites.ts +++ b/packages/next/src/shared/lib/router/utils/resolve-rewrites.ts @@ -5,7 +5,7 @@ import { matchHas, prepareDestination } from './prepare-destination' import { removeTrailingSlash } from './remove-trailing-slash' import { normalizeLocalePath } from '../../i18n/normalize-locale-path' import { removeBasePath } from '../../../../client/remove-base-path' -import { parseRelativeUrl } from './parse-relative-url' +import { parseRelativeUrl, type ParsedRelativeUrl } from './parse-relative-url' export default function resolveRewrites( asPath: string, @@ -20,7 +20,7 @@ export default function resolveRewrites( locales?: string[] ): { matchedPage: boolean - parsedAs: ReturnType + parsedAs: ParsedRelativeUrl asPath: string resolvedHref?: string externalDest?: boolean