Zack Tanner

This commit performs **maintenance** within the **`adapters` module** by **removing dead code** related to a redundant flag and its associated regex. The flag's true and false states consistently yielded the same regex value, rendering the flag and its conditional logic obsolete. This **code cleanup** improves the codebase's clarity and reduces unnecessary complexity without introducing any functional changes or regressions.

This commit provides a **bug fix** for the **deployment adapter** to correctly handle **React Server Component (RSC) requests** in deployed environments. Previously, dynamic full-route RSC requests containing query parameters were misclassified as HTML by the `onCacheEntryV2` function, leading to an **invalid HTML response** instead of the expected RSC payload. The fix involves **normalizing the URL** by passing only the pathname, without query parameters, to `onCacheEntryV2`, ensuring that `.rsc` endpoints are correctly identified. This change specifically impacts **PPR (Partial Prerendering)** and **root parameter RSC fallback** scenarios, as validated by new end-to-end tests.

This commit **enhances the developer experience** by significantly improving the warning messages for **blocked cross-site development requests** within the Next.js server. It introduces new helper functions in `packages/next/src/server/lib/router-utils/block-cross-site-dev.ts` to generate more detailed and actionable guidance for users. The updated messages now explicitly name the blocked resource and provide an inline `allowedDevOrigins` configuration snippet when the source host is known, or explain why it cannot be inferred. This **maintenance** update ensures developers receive clearer instructions and actionable advice, with new tests verifying the accuracy of these improved warnings.

This commit introduces a **security enhancement** by changing the default behavior of **Next.js's development server** to **block disallowed cross-origin requests** to internal dev resources. Previously, these requests would only trigger a warning, but now they are actively blocked unless explicitly allowlisted via `allowedDevOrigins` or matching a built-in local allowlist. This **feature modification** to the `block-cross-site-dev.ts` utility significantly improves the **security posture** of the development environment. The change is accompanied by **expanded test coverage** in `allowed-dev-origins.test.ts` for various blocking scenarios and **updated documentation** for `allowedDevOrigins` to reflect the new default enforcement.

This commit **fixes a bug** in the **Next.js development server** where `allowedDevOrigins` did not correctly apply to cross-site `no-cors` requests for internal development assets. It modifies the `blockCrossSiteDEV` logic within `packages/next/src/server/lib/router-utils/block-cross-site-dev.ts` to fall back to checking the `Referer` header when the `Origin` header is absent, which is common for `no-cors` subresource loads. This **bug fix** ensures that explicitly allowlisted hosts can now properly load `/_next/*` resources without being erroneously blocked. New tests in `test/development/basic/allowed-dev-origins.test.ts` validate this behavior, improving the reliability of cross-site development setups.

This commit delivers a **critical security fix** for **Next.js Server Actions**, addressing a potential **Cross-Site Request Forgery (CSRF) vulnerability**. It modifies the `handleAction` function within the **server-side rendering pipeline** to explicitly disallow Server Action submissions originating from **privacy-sensitive contexts**, specifically 'null' or opaque origins. This **enhances the security posture** of applications by ensuring Server Actions are only processed from trusted sources, and is thoroughly validated by the addition of comprehensive **end-to-end tests** covering various opaque origin scenarios.

This commit introduces a **critical security fix** by applying a patch to the **`http-proxy` library** (version 1.18.1). The patch specifically improves the handling of `Transfer-Encoding` and `Connection` headers within functions like `setupOutgoing` and `deleteLength` to **prevent request smuggling vulnerabilities**. This directly enhances the **security posture of Next.js applications** that utilize proxying and rewrite features. New end-to-end tests have been added to validate the effectiveness of this mitigation against rewrite request smuggling.

This commit introduces a crucial **security fix** for the **Next.js development server**, specifically preventing cross-site websocket connections from privacy-sensitive origins. It **refactors** and enhances the `blockCrossSiteDEV` utility within the `router-utils` module, improving its logic to correctly identify and block these potentially vulnerable requests. The **server-side routing** (`router-server.ts`) is updated to integrate this improved blocking mechanism, ensuring that the development environment is more secure. New **tests** are added to confirm the correct behavior of blocking cross-site requests, directly addressing the security vulnerability detailed in GHSA-jcc7-9wpm-mj36.

This commit introduces a **maintenance fix** to the **end-to-end testing suite** by conditionally **disabling specific sub-shell generation tests**. The tests, located in `test/e2e/app-dir/sub-shell-generation-middleware/sub-shell-generation-middleware.test.ts` and `test/e2e/app-dir/sub-shell-generation/sub-shell-generation.test.ts`, were **failing in deploy mode** when run outside the new Vercel adapter environment. This is due to upcoming changes in shell-related behavior tied to the `partialFallbacks` flag, which is not backported to the old CLI. By adding a conditional skip based on the `NEXT_ENABLE_ADAPTER` environment variable, this change ensures the **test suite remains stable** and tests are only executed in compatible deployment environments.

This commit introduces a significant **refinement to the partial fallback shells mechanism** in Next.js, specifically impacting the **runtime behavior of `next start`** for dynamic routes. It enhances how generic fallback shells are completed, promoting them to the **most specific prerendered shell** for a given branch (e.g., `/[one]/[two]` becomes `/c/[two]` if `[one]` is static) rather than a fully concrete route. This **feature enhancement** ensures that later requests can reuse a more complete shell, improving **server-side rendering efficiency** for partially static dynamic routes while still streaming dynamic content for remaining parameters. The change aligns runtime logic with the build-time `remainingPrerenderableParams` contract, affecting how **prerendering** and `generateStaticParams` interact with dynamic route serving and revalidation.

This commit **refines the partial fallback upgrading mechanism** in Next.js, addressing an issue where it was applied too broadly to shells that could not be further specialized by `generateStaticParams`. It introduces a check for `remainingPrerenderableParams` during **static path generation**, ensuring that `partialFallback` metadata and `allowQuery` are only emitted for shells that still have unresolved pathname parameters. This **refinement** limits the feature to its intended use case, preventing unnecessary background promotion and improving the accuracy of the build output for **dynamic routes** with partial prerendering. The change primarily affects the **Next.js server's prerendering logic** and is supported by extensive new **test cases** for various partial fallback scenarios.

This commit **re-enables the RDC deployment tests**, which were previously deactivated. This **maintenance** action ensures that the automated validation suite for the **RDC deployment process** is fully operational again. By reactivating these critical tests, the project gains improved confidence in the stability and correctness of future RDC deployments. The re-enabled test flag is now properly associated with the designated test team for ongoing monitoring and ownership.

This commit **reverts a previous change** that excluded `partial-fallback` functionality for deploy mode, effectively **re-enabling this feature flag for test teams**. As part of this **maintenance** effort, an **end-to-end test** for `partial-fallback-shell-upgrade` within the `app-dir` is re-activated. This ensures the `partial-fallback` behavior can be thoroughly validated in deployment scenarios, with the test conditionally skipping execution for adapter tests.

This commit delivers a **bug fix** addressing a **request normalization gap** within the **App Router's app-page route module**. Previously, internal RSC and segment-prefetch URLs (e.g., `_tree.segment.rsc`) could incorrectly persist in `req.url` after pathname normalization, leading to these internal paths being exposed via `usePathname()` during server rendering. A new utility function, `normalizeAppPageRequestUrl`, is introduced and integrated into `packages/next/src/server/route-modules/app-page/module.ts` to ensure `req.url` is correctly updated. This prevents the leakage of internal segment paths, ensuring the **App Router** consistently reports the canonical URL.

This commit **gates** the previously introduced **partial fallback upgrading feature** behind a new **experimental configuration flag**, `partialFallbacks`. This **feature management** change updates the **Next.js server configuration schema** and shared runtime configuration to include the flag, defaulting it to `false`. The primary impact is to allow for **isolated testing and stabilization** of the partial fallbacks functionality within the **app directory**, preventing its general availability until it's deemed stable. Corresponding **end-to-end tests** are updated to explicitly enable this flag for their specific test cases.

This commit **reverts a previous change** that introduced conditional `htmlAllowQuery` logic for partial fallback shells, which was causing **cache fragmentation** and degraded performance. This **performance fix** simplifies the **Next.js build-time caching strategy** for **fallback shells** by ensuring `htmlAllowQuery` consistently uses an empty array for postponed prerenders. The revert impacts the `onPrerenderRoute` utility, correcting the **HTML caching behavior** to prevent unnecessary CDN cache key variations. This **maintenance** action aims to improve the stability and efficiency of how fallback pages are cached.

This commit **re-introduces** the **Partial Fallback Prerendering** feature, enabling dynamic routes to initially render a partial UI and then seamlessly **upgrade to a full route shell** as parameters become available. This **feature enhancement** modifies the **incremental cache** and **response cache** by adding and utilizing an `isFallback` status within cache entries via `index.ts`, `types.ts`, and `utils.ts`. The change improves the user experience for dynamic pages by providing a more progressive loading state, now supported by necessary upstream infrastructure. Extensive **e2e tests** have been added and updated to verify the correct behavior of this partial fallback shell upgrading.

preserve allowQuery for partial fallback shells (#90887)

partial fallbacks: add adapter flag (#90395)

This commit **improves the robustness of the CI/CD pipeline** by adding `continue-on-error: true` to specific "Check token" steps within the `.github/workflows/test_e2e_deploy_release.yml` workflow. This **maintenance** change prevents transient or unreliable GitHub authentication checks from prematurely failing the entire **deploy test workflow**. By allowing subsequent steps to proceed even if the token check encounters an issue, it ensures that the core deployment tests can still run, reducing false negatives and improving developer experience.