-
Notifications
You must be signed in to change notification settings - Fork 26.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
middlewares: limit process.env
to inferred usage
#33186
Merged
kodiakhq
merged 8 commits into
vercel:canary
from
Schniz:limit-process-env-to-middleware-env-output
Jan 12, 2022
Merged
middlewares: limit process.env
to inferred usage
#33186
kodiakhq
merged 8 commits into
vercel:canary
from
Schniz:limit-process-env-to-middleware-env-output
Jan 12, 2022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Production middlewares will only expose env vars that are statically analyzable, as mentioned here: https://nextjs.org/docs/api-reference/next/server#how-do-i-access-environment-variables This creates some incompatibility with `next dev` and `next start`, where all `process.env` data is shared and can lead to unexpected behavior in runtime. This PR fixes it by limiting the data in `process.env` with the inferred env vars from the code usage.
Schniz
requested review from
huozhi,
ijjk,
shuding and
timneutkens
as code owners
January 11, 2022 12:56
This comment has been minimized.
This comment has been minimized.
sokra
previously approved these changes
Jan 11, 2022
This comment has been minimized.
This comment has been minimized.
ijjk
reviewed
Jan 11, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good after we resolve the failing test case:
FAIL test/integration/react-streaming-and-server-components/test/index.test.js (78.221 s)
● concurrentFeatures - prod › should render the correct html
expect(received).toContain(expected) // indexOf
Expected substring: "env:env_var_test"
Received string: "<!DOCTYPE html>
sokra
reviewed
Jan 12, 2022
Co-authored-by: Tobias Koppers <tobias.koppers@googlemail.com>
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
shuding
approved these changes
Jan 12, 2022
javivelasco
approved these changes
Jan 12, 2022
This comment has been minimized.
This comment has been minimized.
Stats from current PRDefault Build (Increase detected
|
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
buildDuration | 16.7s | 16s | -666ms |
buildDurationCached | 3.5s | 3.5s | -39ms |
nodeModulesSize | 355 MB | 355 MB |
Page Load Tests Overall increase ✓
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
/ failed reqs | 0 | 0 | ✓ |
/ total time (seconds) | 3.08 | 3.056 | -0.02 |
/ avg req/sec | 811.77 | 818.13 | +6.36 |
/error-in-render failed reqs | 0 | 0 | ✓ |
/error-in-render total time (seconds) | 2.681 | 1.512 | -1.17 |
/error-in-render avg req/sec | 932.49 | 1653.12 | +720.63 |
Client Bundles (main, webpack, commons)
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
450.HASH.js gzip | 179 B | 179 B | ✓ |
framework-HASH.js gzip | 42.2 kB | 42.2 kB | ✓ |
main-HASH.js gzip | 27.2 kB | 27.2 kB | ✓ |
webpack-HASH.js gzip | 1.45 kB | 1.45 kB | ✓ |
Overall change | 71 kB | 71 kB | ✓ |
Legacy Client Bundles (polyfills)
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
polyfills-HASH.js gzip | 31 kB | 31 kB | ✓ |
Overall change | 31 kB | 31 kB | ✓ |
Client Pages
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
_app-HASH.js gzip | 1.37 kB | 1.37 kB | ✓ |
_error-HASH.js gzip | 194 B | 194 B | ✓ |
amp-HASH.js gzip | 312 B | 312 B | ✓ |
css-HASH.js gzip | 326 B | 326 B | ✓ |
dynamic-HASH.js gzip | 2.37 kB | 2.37 kB | ✓ |
head-HASH.js gzip | 350 B | 350 B | ✓ |
hooks-HASH.js gzip | 919 B | 919 B | ✓ |
image-HASH.js gzip | 4.74 kB | 4.74 kB | ✓ |
index-HASH.js gzip | 263 B | 263 B | ✓ |
link-HASH.js gzip | 2.13 kB | 2.13 kB | ✓ |
routerDirect..HASH.js gzip | 321 B | 321 B | ✓ |
script-HASH.js gzip | 383 B | 383 B | ✓ |
withRouter-HASH.js gzip | 318 B | 318 B | ✓ |
85e02e95b279..7e3.css gzip | 107 B | 107 B | ✓ |
Overall change | 14.1 kB | 14.1 kB | ✓ |
Client Build Manifests
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
_buildManifest.js gzip | 459 B | 459 B | ✓ |
Overall change | 459 B | 459 B | ✓ |
Rendered Page Sizes
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
index.html gzip | 532 B | 532 B | ✓ |
link.html gzip | 546 B | 546 B | ✓ |
withRouter.html gzip | 527 B | 527 B | ✓ |
Overall change | 1.6 kB | 1.6 kB | ✓ |
Default Build with SWC
General Overall increase ⚠️
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
buildDuration | 16.9s | 16.9s | |
buildDurationCached | 3.4s | 3.4s | -23ms |
nodeModulesSize | 355 MB | 355 MB |
Page Load Tests Overall increase ✓
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
/ failed reqs | 0 | 0 | ✓ |
/ total time (seconds) | 3.13 | 3.047 | -0.08 |
/ avg req/sec | 798.8 | 820.47 | +21.67 |
/error-in-render failed reqs | 0 | 0 | ✓ |
/error-in-render total time (seconds) | 1.411 | 1.425 | |
/error-in-render avg req/sec | 1772.14 | 1754.67 |
Client Bundles (main, webpack, commons)
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
450.HASH.js gzip | 179 B | 179 B | ✓ |
framework-HASH.js gzip | 42.3 kB | 42.3 kB | ✓ |
main-HASH.js gzip | 27.3 kB | 27.3 kB | ✓ |
webpack-HASH.js gzip | 1.44 kB | 1.44 kB | ✓ |
Overall change | 71.2 kB | 71.2 kB | ✓ |
Legacy Client Bundles (polyfills)
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
polyfills-HASH.js gzip | 31 kB | 31 kB | ✓ |
Overall change | 31 kB | 31 kB | ✓ |
Client Pages
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
_app-HASH.js gzip | 1.35 kB | 1.35 kB | ✓ |
_error-HASH.js gzip | 180 B | 180 B | ✓ |
amp-HASH.js gzip | 305 B | 305 B | ✓ |
css-HASH.js gzip | 321 B | 321 B | ✓ |
dynamic-HASH.js gzip | 2.36 kB | 2.36 kB | ✓ |
head-HASH.js gzip | 342 B | 342 B | ✓ |
hooks-HASH.js gzip | 906 B | 906 B | ✓ |
image-HASH.js gzip | 4.76 kB | 4.76 kB | ✓ |
index-HASH.js gzip | 256 B | 256 B | ✓ |
link-HASH.js gzip | 2.19 kB | 2.19 kB | ✓ |
routerDirect..HASH.js gzip | 314 B | 314 B | ✓ |
script-HASH.js gzip | 375 B | 375 B | ✓ |
withRouter-HASH.js gzip | 309 B | 309 B | ✓ |
85e02e95b279..7e3.css gzip | 107 B | 107 B | ✓ |
Overall change | 14.1 kB | 14.1 kB | ✓ |
Client Build Manifests
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
_buildManifest.js gzip | 458 B | 458 B | ✓ |
Overall change | 458 B | 458 B | ✓ |
Rendered Page Sizes
vercel/next.js canary | Schniz/next.js limit-process-env-to-middleware-env-output | Change | |
---|---|---|---|
index.html gzip | 531 B | 531 B | ✓ |
link.html gzip | 545 B | 545 B | ✓ |
withRouter.html gzip | 526 B | 526 B | ✓ |
Overall change | 1.6 kB | 1.6 kB | ✓ |
teleaziz
added a commit
to teleaziz/next.js
that referenced
this pull request
Jan 12, 2022
…o-example * 'canary' of github.com:vercel/next.js: Added links to data fetching api refs, fixed title (vercel#33221) Removed backticks on data fetching api titles (vercel#33216) middlewares: limit `process.env` to inferred usage (vercel#33186) Fixed broken link (vercel#33209) v12.0.8 v12.0.8-canary.22 Refactor data fetching API docs (vercel#30615) Docs: correct ignorance pattern for .env.local (vercel#32647) Fixes vercel#33153: Updating cross-references from master to main + canary (vercel#33198) v12.0.8-canary.21 Add util for normalizing errors (vercel#33159) Fix broken yarn pnp (vercel#32867)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Production middlewares will only expose env vars that are statically analyzable, as mentioned here: https://nextjs.org/docs/api-reference/next/server#how-do-i-access-environment-variables
This creates some incompatibility with
next dev
andnext start
, where allprocess.env
data is shared and can lead to unexpected behavior in runtime.This PR fixes it by limiting the data in
process.env
with the inferred env vars from the code usage. I believe the test speaks for itself 🕺