opennextjs
diff --git a/‎.changeset/breezy-adults-behave.md
Lines changed: 5 additions & 0 deletions b/‎.changeset/breezy-adults-behave.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎examples/app-router/app/cookies/page.tsx
Lines changed: 7 additions & 0 deletions b/‎examples/app-router/app/cookies/page.tsx
Lines changed: 7 additions & 0 deletions
diff --git a/‎examples/app-router/middleware.ts
Lines changed: 5 additions & 0 deletions b/‎examples/app-router/middleware.ts
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/open-next/src/core/requestHandler.ts
Lines changed: 5 additions & 1 deletion b/‎packages/open-next/src/core/requestHandler.ts
Lines changed: 5 additions & 1 deletion
diff --git a/‎packages/open-next/src/core/routing/middleware.ts
Lines changed: 0 additions & 1 deletion b/‎packages/open-next/src/core/routing/middleware.ts
Lines changed: 0 additions & 1 deletion
diff --git a/‎packages/tests-e2e/tests/appRouter/middleware.cookies.test.ts
Lines changed: 39 additions & 7 deletions b/‎packages/tests-e2e/tests/appRouter/middleware.cookies.test.ts
Lines changed: 39 additions & 7 deletions
@@ -0,0 +1,5 @@
+---
+"@opennextjs/aws": patch
+---
+
+fix: Ensure cookies set in middleware are available on initial render when using `cookies().get()` from Next.js
@@ -0,0 +1,7 @@
+import { cookies } from "next/headers";
+
+export default async function Page() {
+  const foo = (await cookies()).get("foo")?.value;
+
+  return <div data-testid="foo">{foo}</div>;
+}
@@ -28,6 +28,11 @@ export function middleware(request: NextRequest) {
     const u = new URL("https://opennext.js.org/share.png");
     return NextResponse.rewrite(u);
   }
+  if (path === "/cookies") {
+    const res = NextResponse.next();
+    res.cookies.set("foo", "bar");
+    return res;
+  }
   const requestHeaders = new Headers(request.headers);
   // Setting the Request Headers, this should be available in RSC
   requestHeaders.set("request-header", "request-header");
 
@@ -87,7 +87,11 @@ export async function openNextHandler(
           continue;
         }
         const key = rawKey.slice(MIDDLEWARE_HEADER_PREFIX_LEN);
-        overwrittenResponseHeaders[key] = value;
+        // We skip this header here since it is used by Next internally and we don't want it on the response headers.
+        // This header needs to be present in the request headers for processRequest, so cookies().get() from Next will work on initial render.
+        if (key !== "x-middleware-set-cookie") {
+          overwrittenResponseHeaders[key] = value;
+        }
         headers[key] = value;
         delete headers[rawKey];
       }
 
@@ -115,7 +115,6 @@ export async function handleMiddleware(
   // These are internal headers used by Next.js, we don't want to expose them to the client
   const filteredHeaders = [
     "x-middleware-override-headers",
-    "x-middleware-set-cookie",
     "x-middleware-next",
     "x-middleware-rewrite",
     // We need to drop `content-encoding` because it will be decoded
 
@@ -1,12 +1,44 @@
 import { expect, test } from "@playwright/test";
 
-test("Cookies", async ({ page, context }) => {
-  await page.goto("/");
+test.describe("Middleware Cookies", () => {
+  test("should be able to set cookies on response in middleware", async ({
+    page,
+    context,
+  }) => {
+    await page.goto("/");
 
-  const cookies = await context.cookies();
-  const from = cookies.find(({ name }) => name === "from");
-  expect(from?.value).toEqual("middleware");
+    const cookies = await context.cookies();
+    const from = cookies.find(({ name }) => name === "from");
+    expect(from?.value).toEqual("middleware");
 
-  const love = cookies.find(({ name }) => name === "with");
-  expect(love?.value).toEqual("love");
+    const love = cookies.find(({ name }) => name === "with");
+    expect(love?.value).toEqual("love");
+  });
+  test("should be able to get cookies set in the middleware with Next's cookies().get()", async ({
+    page,
+  }) => {
+    await page.goto("/cookies");
+
+    expect(await page.getByTestId("foo").textContent()).toBe("bar");
+  });
+  test("should not expose internal Next headers in response", async ({
+    page,
+    context,
+  }) => {
+    const responsePromise = page.waitForResponse((response) =>
+      response.url().includes("/cookies"),
+    );
+
+    await page.goto("/cookies");
+
+    const response = await responsePromise;
+    const headers = response.headers();
+
+    const cookies = await context.cookies();
+    const fooCookie = cookies.find(({ name }) => name === "foo");
+    expect(fooCookie?.value).toBe("bar");
+
+    expect(headers).not.toHaveProperty("x-middleware-set-cookie");
+    expect(headers).not.toHaveProperty("x-middleware-next");
+  });
 });
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@opennextjs/aws": patch
 +---
++
 +fix: Ensure cookies set in middleware are available on initial render when using `cookies().get()` from Next.js
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,11 @@ export async function openNextHandler(`
`87`	`87`	`continue;`
`88`	`88`	`}`
`89`	`89`	`const key = rawKey.slice(MIDDLEWARE_HEADER_PREFIX_LEN);`
`90`		`- overwrittenResponseHeaders[key] = value;`
	`90`	`+ // We skip this header here since it is used by Next internally and we don't want it on the response headers.`
	`91`	`+ // This header needs to be present in the request headers for processRequest, so cookies().get() from Next will work on initial render.`
	`92`	`+ if (key !== "x-middleware-set-cookie") {`
	`93`	`+ overwrittenResponseHeaders[key] = value;`
	`94`	`+ }`
`91`	`95`	`headers[key] = value;`
`92`	`96`	`delete headers[rawKey];`
`93`	`97`	`}`