v9.3.4 breaks custom http2 servers due to embedded "compression" module

[EvHaus]

Bug report

Describe the bug

After upgrading from next.js v9.3.3 to v9.3.4, my production application will no longer run. This is because I'm using a custom http2 server and version 9.3.4 seems to be embedding a custom copy of the compression npm module which doesn't support http2 servers. The error printed is:

2020-04-04 20:20:26.150: (node:5938) UnhandledPromiseRejectionWarning: TypeError: this._implicitHeader is not a function
2020-04-04 20:20:26.150:     at Http2ServerResponse.end (/var/www/mysite/node_modules/next/dist/compiled/compression/index.js:1:156302)
2020-04-04 20:20:26.150:     at Object.onerror (/var/www/mysite/node_modules/koa/lib/context.js:157:9)
2020-04-04 20:20:26.150:     at onerror (/var/www/mysite/node_modules/koa/lib/application.js:163:32)
2020-04-04 20:20:26.151: (node:5938) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 5)

This is caused by this well-known bug: expressjs/compression#155 and I've worked around this before in my app by manually using that PR as my dependency instead of the official compression package, however, it looks like next.js is now embedding it's own copy of compression somewhere in /dist/compiled/compression which causes my site to break.

To Reproduce

Run a barebones Next.js app but with a custom server that uses the http2 module like this:

import http from 'http';
import https from 'https';
import Koa from 'koa';
import koaConnect from 'koa-connect';
import next from 'next';
import Router from 'koa-router';

const app = next();
const handle = app.getRequestHandler();

app.prepare().then((): any => {
	const server = new Koa();
	const router = new Router();

	router.all('*', async (ctx: any) => {
		await handle(ctx.req, ctx.res);
		ctx.respond = false;
	});

	server.use(router.routes());

	// Handle HTTPS connections with HTTP/2
	const http2Server = http2.createSecureServer({
		allowHTTP1: true,
	}, server.callback());

	// Handle HTTPS connections
	return http2Server.listen(443, (err: Error) => {
		if (err) throw err;
		console.log('Listening for http2 requests on 443');
	});

Expected behavior

The app should still run without any error.

Screenshots

N/A

System information

• OS: All
• Browser (if applies) N/A
• Version of Next.js: 9.3.4

[lOscarl]

Hello, I would like to work on this issue

[lOscarl]

Hello, I’ve been following this issue and it seems that this issue has ben fixed form Node.js #34145 were is has been add the support for sensitive headers

[github-actions]

Please verify that your issue can be recreated with next@canary.

Why was this issue marked with the please verify canary label?

We noticed the provided reproduction was using an older version of Next.js, instead of canary.

The canary version of Next.js ships daily and includes all features and fixes that have not been released to the stable version yet. You can think of canary as a public beta. Some issues may already be fixed in the canary version, so please verify that your issue reproduces by running npm install next@canary and test it in your project, using your reproduction steps.

If the issue does not reproduce with the canary version, then it has already been fixed and this issue can be closed.

How can I quickly verify if my issue has been fixed in canary?

The safest way is to install next@canary in your project and test it, but you can also search through closed Next.js issues for duplicates or check the Next.js releases.

My issue has been open for a long time, why do I need to verify canary now?

Next.js does not backport bug fixes to older versions of Next.js. Instead, we are trying to introduce only a minimal amount of breaking changes between major releases.

What happens if I don't verify against the canary version of Next.js?

An issue with the please verify canary that receives no meaningful activity (e.g. new comments that acknowledge verification against canary) will be automatically closed and locked after 30 days.

If your issue has not been resolved in that time and it has been closed/locked, please open a new issue, with the required reproduction, using next@canary.

I did not open this issue, but it is relevant to me, what can I do to help?

Anyone experiencing the same issue is welcome to provide a minimal reproduction following the above steps. Furthermore, you can upvote the issue using the 👍 reaction on the topmost comment (please do not comment "I have the same issue" without repro steps). Then, we can sort issues by votes to prioritize.

I think my reproduction is good enough, why aren't you looking into it quicker?

We look into every Next.js issue and constantly monitor open issues for new comments.

However, sometimes we might miss one or two due to the popularity/high traffic of the repository. We apologize, and kindly ask you to refrain from tagging core maintainers, as that will usually not result in increased priority.

Upvoting issues to show your interest will help us prioritize and address them as quickly as possible. That said, every issue is important to us, and if an issue gets closed by accident, we encourage you to open a new one linking to the old issue and we will look into it.

Useful Resources

• How to Contribute to Open Source (Next.js)
• How to create a Minimal, Complete, and Verifiable example
• Reporting a Next.js bug
• Next.js Triaging issues

[balazsorban44]

This issue has been automatically closed because it wasn't verified against next@canary. If you think it was closed by accident, please leave a comment. If you are running into a similar issue, please open a new issue with a reproduction. Thank you.

[github-actions]

This closed issue has been automatically locked because it had no new activity for a month. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.