fix(backend): harden FAPI proxy resilience and spec compliance#8163
fix(backend): harden FAPI proxy resilience and spec compliance#8163
Conversation
…ipping, and DELETE body support - Propagate client abort signal to upstream fetch to prevent zombie requests - Strip dynamic hop-by-hop headers listed in the Connection header (RFC 7230) - Support request bodies on DELETE (and any method), not just POST/PUT/PATCH - Add Cache-Control: no-store to error responses to prevent CDN caching - Only set duplex option when request has a body Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
🦋 Changeset detectedLatest commit: 545a88c The changes in this PR will be included in the next version bump. This PR includes changesets to release 11 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
@clerk/agent-toolkit
@clerk/astro
@clerk/backend
@clerk/chrome-extension
@clerk/clerk-js
@clerk/dev-cli
@clerk/expo
@clerk/expo-passkeys
@clerk/express
@clerk/fastify
@clerk/hono
@clerk/localizations
@clerk/nextjs
@clerk/nuxt
@clerk/react
@clerk/react-router
@clerk/shared
@clerk/tanstack-react-start
@clerk/testing
@clerk/ui
@clerk/upgrade
@clerk/vue
commit: |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughProxy logic changed to use a Set for hop-by-hop headers and added 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as resolved.
This comment was marked as resolved.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.changeset/tough-ghosts-ask.md:
- Line 5: The changeset summary contains a spelling mistake: replace the
misspelled token "aobrt" with "abort" in the summary sentence (the phrase
"adding support for aobrt signals" should read "adding support for abort
signals") so the release notes/changelog shows the correct word; update the
summary text in the changeset file where that token appears.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: a8f5d12c-abae-4778-9f39-edecdb62d566
📒 Files selected for processing (1)
.changeset/tough-ghosts-ask.md
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2 participants
Summary
fetch()to prevent zombie requests when clients disconnectConnectionheader per RFC 7230 Section 6.1, for both request and response header copyingrequest.body !== nullinstead of a method allowlistCache-Control: no-storeto all error responses to prevent CDN/browser caching of transient errorsduplex: 'half'when the request actually has a body, avoiding unnecessary option on bodyless requestsHOP_BY_HOP_HEADERSfrom array toSetfor O(1) lookupsTest plan
duplex: 'half'Cache-Control: no-storeConnectionheader are stripped from forwarded requests🤖 Generated with Claude Code
Summary by CodeRabbit
Bug Fixes
Tests
Chores