Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Feat/skew protection #3147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
pieh wants to merge 8 commits into main
base: main
Choose a base branch
Loading
from feat/skew-protection
Draft

Feat/skew protection #3147

pieh wants to merge 8 commits into main from feat/skew-protection

Conversation

Copy link
Contributor

@pieh pieh commented Oct 1, 2025
edited
Loading

Description

This conditionally enables skew protection. Most magic happens outside of next-runtime. It's not enabled by default. Can be enabled via feature flag or env var.

Some details:

We are providing current DEPLOY_ID via setting NEXT_DEPLOYMENT_ID env var, so Next.js build use it when producic static assets (i.e .html files having <script> etc tags with appended ?dpl=${DEPLOY_ID} query param, browser bundles attaching X-Deployment-Id header for server action fetches as well as next/link navigation fetches (next/link has skew protection header "only" since Next 15).

Before next@14.1.4 skew protection was experimental and requires experiments enabled (this was done in e2e test fixture to make sure it works as expected in all routinely tested Next.js versions)

/** @type {import('next').NextConfig} */
const nextConfig = {
 experimental: {
 useDeploymentId: true,
 // Optionally, use with Server Actions
 useDeploymentIdServerActions: true,
 },
};

Documentation

Added separately to docs

Tests

Added e2e test for skew protection. To make it work I also added some basic setup to use buildbot instead of CLI for deploys as currently CLI deploys can't use skew protection.

Relevant links (GitHub issues, etc.) or a picture of cute animal

Copy link
Contributor

github-actions bot commented Oct 1, 2025
edited
Loading

📊 Package size report 0.2%↑

File Before (Size / Gzip) After (Size / Gzip)
dist/build/plugin-context.js 12.2 kB / 3.5 kB 1%↑12.4 kB / 1%↑3.6 kB
dist/build/skew-protection.js 4.1 kB / 1.3 kB
dist/index.js 3.9 kB / 1.2 kB 3%↑4.1 kB / 2%↑1.2 kB
package.json 3.4 kB / 1.2 kB 2%↑3.4 kB / 1%↑1.2 kB
Total (Includes all files) 2.9 MB / 820.1 kB 0.2%↑2.9 MB / 0.2%↑821.4 kB
Tarball size 777.3 kB 0.1%↑778.4 kB
Unchanged files
File Size (Size / Gzip)
dist/build/advanced-api-routes.js 4.3 kB / 1.4 kB
dist/build/cache.js 1.0 kB / 416 B
dist/build/content/next-shims/telemetry-storage.cjs 1.6 kB / 659 B
dist/build/content/prerendered.js 11.1 kB / 3.1 kB
dist/build/content/server.js 11.9 kB / 3.6 kB
dist/build/content/static.js 4.2 kB / 1.4 kB
dist/build/functions/edge.js 24.9 kB / 6.6 kB
dist/build/functions/server.js 4.9 kB / 1.6 kB
dist/build/image-cdn.js 54.0 kB / 11.1 kB
dist/build/templates/handler-monorepo.tmpl.js 1.6 kB / 643 B
dist/build/templates/handler.tmpl.js 1.4 kB / 596 B
dist/build/verification.js 4.5 kB / 1.6 kB
dist/esm-chunks/chunk-5V5HA6YA.js 27.0 kB / 5.4 kB
dist/esm-chunks/chunk-6BT4RYQJ.js 1.9 kB / 862 B
dist/esm-chunks/chunk-TLQCAGE2.js 62.6 kB / 11.2 kB
dist/esm-chunks/chunk-YUXQHOYO.js 187.9 kB / 33.2 kB
dist/run/config.js 1.4 kB / 654 B
dist/run/constants.js 526 B / 319 B
dist/run/handlers/cache.cjs 16.2 kB / 3.9 kB
dist/run/handlers/request-context.cjs 5.3 kB / 1.7 kB
dist/run/handlers/server.js 142.7 kB / 33.5 kB
dist/run/handlers/tags-handler.cjs 7.2 kB / 2.4 kB
dist/run/handlers/tracer.cjs 30.2 kB / 6.3 kB
dist/run/handlers/use-cache-handler.js 48.0 kB / 10.8 kB
dist/run/handlers/wait-until.cjs 1.4 kB / 665 B
dist/run/headers.js 8.2 kB / 2.6 kB
dist/run/next.cjs 23.8 kB / 5.9 kB
dist/run/revalidate.js 1.0 kB / 479 B
dist/run/storage/regional-blob-store.cjs 21.3 kB / 6.1 kB
dist/run/storage/request-scoped-in-memory-cache.cjs 47.4 kB / 10.9 kB
dist/run/storage/storage.cjs 4.0 kB / 1.3 kB
dist/shared/blob-types.cjs 1.6 kB / 645 B
dist/shared/blobkey.js 742 B / 400 B
dist/shared/cache-types.cjs 1.3 kB / 566 B
edge-runtime/lib/cjs.ts 10.7 kB / 3.1 kB
edge-runtime/lib/headers.ts 1.9 kB / 841 B
edge-runtime/lib/logging.ts 115 B / 121 B
edge-runtime/lib/middleware.ts 3.6 kB / 1.4 kB
edge-runtime/lib/next-request.ts 3.3 kB / 1.1 kB
edge-runtime/lib/response.ts 10.0 kB / 3.0 kB
edge-runtime/lib/routing.ts 15.3 kB / 4.0 kB
edge-runtime/lib/util.ts 3.7 kB / 1.3 kB
edge-runtime/matchers.json 3 B / 23 B
edge-runtime/middleware.ts 2.4 kB / 1.0 kB
edge-runtime/next.config.json 3 B / 23 B
edge-runtime/README.md 992 B / 509 B
edge-runtime/shim/edge.js 1.6 kB / 788 B
edge-runtime/shim/node.js 596 B / 347 B
edge-runtime/vendor.ts 1.1 kB / 360 B
edge-runtime/vendor/deno.land/std@0.175.0/_util/asserts.ts 854 B / 461 B
edge-runtime/vendor/deno.land/std@0.175.0/_util/os.ts 644 B / 355 B
edge-runtime/vendor/deno.land/std@0.175.0/async/abortable.ts 4.0 kB / 1.0 kB
edge-runtime/vendor/deno.land/std@0.175.0/async/deadline.ts 974 B / 544 B
edge-runtime/vendor/deno.land/std@0.175.0/async/debounce.ts 2.2 kB / 956 B
edge-runtime/vendor/deno.land/std@0.175.0/async/deferred.ts 1.5 kB / 798 B
edge-runtime/vendor/deno.land/std@0.175.0/async/delay.ts 1.8 kB / 845 B
edge-runtime/vendor/deno.land/std@0.175.0/async/mod.ts 465 B / 241 B
edge-runtime/vendor/deno.land/std@0.175.0/async/mux_async_iterator.ts 2.5 kB / 1.1 kB
edge-runtime/vendor/deno.land/std@0.175.0/async/pool.ts 3.2 kB / 1.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/async/retry.ts 2.4 kB / 1.0 kB
edge-runtime/vendor/deno.land/std@0.175.0/async/tee.ts 2.1 kB / 924 B
edge-runtime/vendor/deno.land/std@0.175.0/bytes/index_of_needle.ts 1.4 kB / 668 B
edge-runtime/vendor/deno.land/std@0.175.0/crypto/timing_safe_equal.ts 875 B / 442 B
edge-runtime/vendor/deno.land/std@0.175.0/datetime/to_imf.ts 1.3 kB / 681 B
edge-runtime/vendor/deno.land/std@0.175.0/encoding/base64.ts 2.5 kB / 1.0 kB
edge-runtime/vendor/deno.land/std@0.175.0/encoding/base64url.ts 2.0 kB / 872 B
edge-runtime/vendor/deno.land/std@0.175.0/flags/mod.ts 22.6 kB / 5.9 kB
edge-runtime/vendor/deno.land/std@0.175.0/fmt/colors.ts 12.4 kB / 2.7 kB
edge-runtime/vendor/deno.land/std@0.175.0/fmt/printf.ts 27.7 kB / 7.7 kB
edge-runtime/vendor/deno.land/std@0.175.0/http/cookie.ts 11.5 kB / 3.6 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_core.ts 2.3 kB / 716 B
edge-runtime/vendor/deno.land/std@0.175.0/node/_events.d.ts 27.2 kB / 5.8 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_events.mjs 28.0 kB / 7.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_global.d.ts 1.7 kB / 650 B
edge-runtime/vendor/deno.land/std@0.175.0/node/_next_tick.ts 5.0 kB / 1.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_process/exiting.ts 138 B / 138 B
edge-runtime/vendor/deno.land/std@0.175.0/node/_process/process.ts 3.8 kB / 1.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_process/stdio.mjs 336 B / 233 B
edge-runtime/vendor/deno.land/std@0.175.0/node/_process/streams.mjs 4.0 kB / 1.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_stream.d.ts 53.2 kB / 11.9 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_stream.mjs 91.2 kB / 25.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_util/_util_callbackify.ts 4.3 kB / 1.7 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/_utils.ts 5.9 kB / 2.0 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/assert.ts 23.1 kB / 4.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/assertion_error.ts 19.6 kB / 6.1 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/async_hooks.ts 7.7 kB / 2.1 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/buffer.ts 262 B / 204 B
edge-runtime/vendor/deno.land/std@0.175.0/node/events.ts 303 B / 221 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/_libuv_winerror.ts 7.8 kB / 1.9 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/_listen.ts 561 B / 342 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/_node.ts 443 B / 335 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/_utils.ts 2.4 kB / 938 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/_winerror.ts 354.4 kB / 64.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/#_timingsafeequal_bd5c8.ts 479 B / 268 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/ares.ts 2.4 kB / 1.1 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/async_wrap.ts 4.0 kB / 1.8 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/buffer.ts 3.5 kB / 1.3 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/cares_wrap.ts 15.2 kB / 3.9 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/config.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/connection_wrap.ts 2.6 kB / 1.3 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/constants.ts 21.5 kB / 5.1 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/contextify.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/credentials.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/crypto.ts 448 B / 244 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/errors.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/fs_dir.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/fs_event_wrap.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/fs.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/handle_wrap.ts 1.8 kB / 1.0 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/heap_utils.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/http_parser.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/icu.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/inspector.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/js_stream.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/messaging.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/mod.ts 3.1 kB / 955 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/module_wrap.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/native_module.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/natives.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/node_file.ts 2.9 kB / 1.5 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/node_options.ts 1.8 kB / 989 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/options.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/os.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/performance.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/pipe_wrap.ts 10.4 kB / 3.3 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/process_methods.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/report.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/serdes.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/signal_wrap.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/spawn_sync.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/stream_wrap.ts 9.3 kB / 2.8 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/string_decoder.ts 504 B / 261 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/symbols.ts 1.4 kB / 828 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/task_queue.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/tcp_wrap.ts 13.1 kB / 3.7 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/timers.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/tls_wrap.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/trace_events.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/tty_wrap.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/types.ts 5.7 kB / 1.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/udp_wrap.ts 12.4 kB / 3.6 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/url.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/util.ts 4.0 kB / 1.8 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/uv.ts 20.1 kB / 3.8 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/v8.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/worker.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal_binding/zlib.ts 87 B / 104 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/buffer.d.ts 73.6 kB / 12.1 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/buffer.mjs 66.1 kB / 10.6 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/crypto/_keys.ts 463 B / 262 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/crypto/constants.ts 252 B / 173 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/error_codes.ts 322 B / 250 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/errors.ts 78.9 kB / 17.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/fixed_queue.ts 4.4 kB / 1.2 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/hide_stack_frames.ts 550 B / 377 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/net.ts 3.1 kB / 1.5 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/normalize_encoding.mjs 2.1 kB / 500 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/options.ts 1.7 kB / 959 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/primordials.mjs 1.8 kB / 431 B
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/process/per_thread.mjs 7.8 kB / 2.3 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/readline/callbacks.mjs 3.8 kB / 1.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/readline/utils.mjs 14.3 kB / 3.7 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/streams/destroy.mjs 6.9 kB / 1.8 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/streams/end-of-stream.mjs 7.1 kB / 1.9 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/streams/utils.mjs 5.9 kB / 1.2 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/util.mjs 4.0 kB / 1.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/util/comparisons.ts 16.6 kB / 3.8 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/util/debuglog.ts 3.2 kB / 1.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/util/inspect.mjs 71.5 kB / 19.8 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/util/types.ts 3.7 kB / 1.3 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/internal/validators.mjs 8.0 kB / 2.1 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/process.ts 19.4 kB / 5.2 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/stream.ts 671 B / 346 B
edge-runtime/vendor/deno.land/std@0.175.0/node/string_decoder.ts 10.3 kB / 3.3 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/util.ts 7.8 kB / 2.2 kB
edge-runtime/vendor/deno.land/std@0.175.0/node/util/types.ts 199 B / 153 B
edge-runtime/vendor/deno.land/std@0.175.0/path/_constants.ts 2.0 kB / 727 B
edge-runtime/vendor/deno.land/std@0.175.0/path/_interface.ts 728 B / 369 B
edge-runtime/vendor/deno.land/std@0.175.0/path/_util.ts 5.0 kB / 1.6 kB
edge-runtime/vendor/deno.land/std@0.175.0/path/common.ts 1.2 kB / 607 B
edge-runtime/vendor/deno.land/std@0.175.0/path/glob.ts 12.7 kB / 3.9 kB
edge-runtime/vendor/deno.land/std@0.175.0/path/mod.ts 1.4 kB / 690 B
edge-runtime/vendor/deno.land/std@0.175.0/path/posix.ts 13.9 kB / 3.7 kB
edge-runtime/vendor/deno.land/std@0.175.0/path/separator.ts 259 B / 209 B
edge-runtime/vendor/deno.land/std@0.175.0/path/win32.ts 28.5 kB / 6.4 kB
edge-runtime/vendor/deno.land/std@0.175.0/streams/write_all.ts 2.2 kB / 598 B
edge-runtime/vendor/deno.land/std@0.175.0/testing/_diff.ts 11.6 kB / 3.6 kB
edge-runtime/vendor/deno.land/std@0.175.0/testing/_format.ts 705 B / 462 B
edge-runtime/vendor/deno.land/std@0.175.0/testing/asserts.ts 25.5 kB / 5.7 kB
edge-runtime/vendor/deno.land/std@0.175.0/types.d.ts 4.2 kB / 1.2 kB
edge-runtime/vendor/deno.land/x/htmlrewriter@v1.0.0/pkg/htmlrewriter_bg.wasm 573.2 kB / 262.7 kB
edge-runtime/vendor/deno.land/x/htmlrewriter@v1.0.0/pkg/htmlrewriter.js 31.0 kB / 4.7 kB
edge-runtime/vendor/deno.land/x/htmlrewriter@v1.0.0/src/index.ts 2.6 kB / 989 B
edge-runtime/vendor/deno.land/x/htmlrewriter@v1.0.0/src/types.d.ts 2.1 kB / 446 B
edge-runtime/vendor/deno.land/x/path_to_regexp@v6.2.1/index.ts 15.4 kB / 4.2 kB
edge-runtime/vendor/manifest.json 104 B / 119 B
edge-runtime/vendor/v1-7-0--edge-utils.netlify.app/logger/logger.ts 3.2 kB / 747 B
edge-runtime/vendor/v1-7-0--edge-utils.netlify.app/logger/mod.ts 29 B / 49 B
LICENSE 1.1 kB / 661 B
manifest.yml 31 B / 51 B
README.md 2.8 kB / 1.2 kB

🤖 This report was automatically generated by pkg-size-action

@pieh pieh added the test all versions Run e2e tests against old and canary versions of Next.js label Oct 1, 2025
@pieh pieh force-pushed the feat/skew-protection branch from bd48131 to 752f755 Compare October 1, 2025 15:08
@pieh pieh force-pushed the feat/skew-protection branch from 752f755 to 47fb69f Compare October 1, 2025 15:40
console.log('Setting up Next.js Skew Protection.')
}

process.env.NEXT_DEPLOYMENT_ID = process.env.DEPLOY_ID
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally instead of setting this internal Next.js env var, we could set this via next.config.js#deploymentId ( https://github.com/vercel/next.js/blob/bd727d6f19852cc7ffd44b0321fd35b5f88c55e3/packages/next/src/server/config-shared.ts#L1065-L1068 ), but for now we don't have blessed way to mutate config

@pieh pieh force-pushed the feat/skew-protection branch from 47fb69f to 7ba5192 Compare October 1, 2025 16:02

/** Absolute path to the skew protection config */
get skewProtectionConfigPath(): string {
return this.resolveFromPackagePath('.netlify/v1/skew-protection.json')
Copy link
Contributor

@mrstork mrstork Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking about the case of turning on skew protection, then disabling it in the following deploy, is that possible? Is that something that would ever be done? Currently this setting looks to be scoped to the site level rather than per deploy (like blobs is for example), so unsure of the mechanics here and whether it would take the most recent settings each time or work another way.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skew protection is deploy-level configuration / metadata in similar way as redirects/rewrites are. It is possible to turn it off for future deploys by just not producing configuration for it.

This config file will be wiped automatically because it's part of Frameworks API which does have automatic cleanup ( ( https://github.com/netlify/build/blob/main/packages/build/src/plugins_core/pre_cleanup/index.ts ) so we don't have to ensure it doesn't exist here to handle case of turning it on and later turning it off.

Is that something that would ever be done?

I don't see a reason why one would do that, unless bugs / not handled edge cases would be uncovered in the future.

mrstork reacted with thumbs up emoji mrstork reacted with heart emoji
*/
siteId?: string
/**
* If set to true, instead of using CLI to deploy, we will zip the source files and trigger build from zip.
Copy link
Contributor

@mrstork mrstork Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reminder that you found ntl deploy --upload-source-zip, not sure if it would help simplify things or not though

Copy link
Contributor Author

@pieh pieh Oct 2, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I would like to try this as follow up. There are potential quirks here that this is CLI version dependent and we have cases of intentionally using older CLI versions (before that option was available). For right now this is used only for this new skew protection tests so it shouldn't cause problems, just potential future annoyance if we try to move other tests to use it as well

mrstork reacted with thumbs up emoji
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrstork mrstork mrstork approved these changes

Assignees
No one assigned
Labels
test all versions Run e2e tests against old and canary versions of Next.js
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants

AltStyle によって変換されたページ (->オリジナル) /