286735 ssr headers #321
286735 ssr headers #321
Conversation
avoinea
left a comment
avoinea
left a comment
There was a problem hiding this comment.
⏺ 🚨 Critical Issues Found - NOT SAFE for Production
I've analyzed the changes and found several critical issues that could cause production crashes. Here's my detailed assessment:
Critical Problems:
- Crash Risk: Undefined Content Object (server.jsx:342-352)
const content = store.getState().content.data;
res.set({
...getDateHeader('Last-Modified', content.effective),
'X-Page-Title': content.title,
'X-Page-Description': content.description,
'X-Page-Type': content['@type'],
});
Problem: If content.data is undefined or null, accessing content.title, content.description, etc. will throw TypeError: Cannot read property 'title' of undefined and crash the server.
When this happens:
- Empty Redux state
- Failed API responses
- Edge cases during SSR initialization
- Race conditions in asyncConnect
⏺ 2. Invalid Date Header Values (server.jsx:60-65)
function getDateHeader(name, date) {
if (date) {
return { [name]: new Date(date).toUTCString() };
}
return {};
}
Problems:
- If date is an invalid date string, new Date(date).toUTCString() returns "Invalid Date" which is not a valid HTTP header value
- Empty strings are truthy but produce invalid dates
- No validation of the resulting date
- Missing Headers on Error Paths
The code only sets these headers on the successful path (line 342), but not on:
- Error pages (lines 315-340)
- Redirects (line 314)
- The global error handler (lines 87-113)
This creates inconsistent behavior for monitoring/indexing tools.
⏺ Specific Crash Scenarios:
- Homepage or pages without content.data:
- Some pages might not have content.data populated
- Result: TypeError → 500 error → site down - API timeout/failure:
- If backend API is slow/down, content.data may be undefined
- Result: Server crashes instead of gracefully showing error - Invalid date formats from backend:
- Backend sends malformed dates
- Result: "Invalid Date" in HTTP headers → proxies/CDNs may reject - Missing properties:
- Content without title, description, or @type
- Result: undefined values in headers
Backward Compatibility:
✅ Good: Adding headers is backward compatible (doesn't break existing functionality)
❌ Bad: The crash risk means this could break currently working pages
⏺ Recommendation: 🛑 DO NOT MERGE
This needs defensive coding. Here's what should be fixed:
function getDateHeader(name, date) {
if (!date) return {};
try {
const dateObj = new Date(date);
// Check if date is valid
if (isNaN(dateObj.getTime())) return {};
return { [name]: dateObj.toUTCString() };
} catch (e) {
return {};
}
}
// In the main handler (line 342):
const content = store.getState().content?.data;
if (content) {
res.set({
...getDateHeader('Last-Modified', content.effective),
...getDateHeader('Expires', content.expires),
...getDateHeader('X-Created-At', content.created),
...getDateHeader('X-Updated-At', content.modified),
...getDateHeader('X-Published-At', content.effective),
...(content.title && { 'X-Page-Title': content.title }),
...(content.description && { 'X-Page-Description': content.description }),
...(content['@type'] && { 'X-Page-Type': content['@type'] }),
});
}
Testing Recommendations:
Before deploying, test:
- Homepage with no content.data
- 404 pages
- API backend down/timeout scenarios
- Content with missing fields (no title, description, dates)
- Content with invalid date formats
- High-traffic load testing
⏺ Summary:
| Aspect | Status | Risk Level |
|---|---|---|
| Null safety | ❌ Missing | HIGH |
| Invalid date handling | ❌ Missing | MEDIUM |
| Backward compatibility | MEDIUM | |
| Header validation | ❌ Missing | LOW |
| Overall | ❌ NOT SAFE | HIGH |
The feature itself (adding headers for AI indexers) is good, but the implementation lacks defensive programming. The most critical issue is the missing null check on content which will cause immediate
crashes in production when content.data is undefined.
No description provided.