Skip to content

Fix/action forward loop guard #84525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: canary
Choose a base branch
from
Open

Fix/action forward loop guard #84525

wants to merge 2 commits into from

Conversation

LiamBoz
Copy link

@LiamBoz LiamBoz commented Oct 5, 2025

What?

Fixes #84504

Add a minimal loop-detection guard to createForwardedActionResponse so a Server Action request that has already been forwarded (marked by x-action-forwarded=1) is not forwarded again. Instead, we return early (no second forward).

  • File: packages/next/src/server/app-render/action-handler.ts
  • Behavior change: if x-action-forwarded=1 is present on the incoming request, return from createForwardedActionResponse without forwarding again.

Why?

In apps that use Middleware rewrites, a forwarded Server Action request can be rewritten to a path that triggers forwarding again, causing an infinite loop (e.g. /rewrite/other → /rewrite/... → /rewrite/rewrite/... → …). This leads to repeated logs and a server action that never resolves.

This guard breaks the cycle with very low risk by only affecting requests that were already forwarded once.

How?

At the start of createForwardedActionResponse, inspect the incoming headers:

  • If x-action-forwarded=1 is present → return (do not forward again).
  • Otherwise, proceed as before and set x-action-forwarded=1 on the outgoing forwarded request.

Works in both Node and Edge:

  • If req.headers is already a Headers (Edge), use it.
  • Otherwise adapt Node headers via HeadersAdapter.

Test Plan

Manual (using the public repro)

  • With this patch built and packed into the repro app:
    • Trigger the fast Run action → Navigate sequence.
    • Confirm:
      • No repeated /rewrite/... requests or log spam.
      • The page no longer gets stuck due to an infinite forwarding loop.

Notes: This PR intentionally focuses on loop prevention. A broader follow-up could make forwarded requests mirror the pre-rewrite target to ensure resolution semantics remain identical under rewrites. That would be a separate change.

Risk

Low:

  • Only affects requests that already bear x-action-forwarded=1.
  • Does not change the initial legitimate forward.
  • Keeps all other server action behavior intact.

For Contributors Checklist

  • Bug fix
  • Related issue linked (Fixes #84504)
  • Repro steps included (public repo)
  • Ran pnpm prettier-fix locally
  • Tests: this is a minimal guard; happy to add a small e2e that simulates a rewrite + quick navigation if maintainers prefer (guidance welcome)

@ijjk ijjk added the type: next label Oct 5, 2025
@ijjk
Copy link
Member

ijjk commented Oct 5, 2025

Allow CI Workflow Run

  • approve CI run for commit: 2c68259

Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type: next

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Forwarded server actions with middleware rewrites cause an infinite request loop

2 participants

@LiamBoz @ijjk