Skip to content

Commit b8bcd59

Browse files
alan-agius4dgp1130
alan-agius4
authored and
dgp1130
committed
fix(@angular/ssr): ensure unique values in redirect response Vary header
Refactors the `createRedirectResponse` function to use a `Set` for constructing the `Vary` header. This ensures that `X-Forwarded-Prefix` is always present exactly once, and that existing `Vary` values from provided headers are correctly parsed, deduplicated, and preserved. Updates the associated unit tests to reflect the new header order and verify the deduplication logic. (cherry picked from commit ff1160e)
1 parent ba511f7 commit b8bcd59

File tree

2 files changed

+18
-6
lines changed

2 files changed

+18
-6
lines changed

packages/angular/ssr/src/utils/redirect.ts

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -50,13 +50,18 @@ export function createRedirectResponse(
5050
);
5151
}
5252

53-
let vary = resHeaders.get('Vary') ?? '';
54-
if (vary) {
55-
vary += ', ';
53+
// Ensure unique values for Vary header
54+
const varyArray = resHeaders.get('Vary')?.split(',') ?? [];
55+
const varySet = new Set(['X-Forwarded-Prefix']);
56+
for (const vary of varyArray) {
57+
const value = vary.trim();
58+
59+
if (value) {
60+
varySet.add(value);
61+
}
5662
}
57-
vary += 'X-Forwarded-Prefix';
5863

59-
resHeaders.set('Vary', vary);
64+
resHeaders.set('Vary', [...varySet].join(', '));
6065
resHeaders.set('Location', location);
6166

6267
return new Response(null, {

packages/angular/ssr/test/utils/redirect_spec.ts

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,14 @@ describe('Redirect Utils', () => {
3636
'Vary': 'Host',
3737
});
3838
expect(response.headers.get('Location')).toBe('/home');
39-
expect(response.headers.get('Vary')).toBe('Host, X-Forwarded-Prefix');
39+
expect(response.headers.get('Vary')).toBe('X-Forwarded-Prefix, Host');
40+
});
41+
42+
it('should NOT add duplicate X-Forwarded-Prefix if already present in Vary header', () => {
43+
const response = createRedirectResponse('/home', 302, {
44+
'Vary': 'X-Forwarded-Prefix, Host',
45+
});
46+
expect(response.headers.get('Vary')).toBe('X-Forwarded-Prefix, Host');
4047
});
4148

4249
it('should warn if Location header is provided in extra headers in dev mode', () => {

0 commit comments

Comments
 (0)