fix(@angular/ssr): support custom headers in redirect responses [20] by alan-agius4 · Pull Request #32779 · angular/angular-cli

alan-agius4 · 2026-03-17T10:05:16Z

No description provided.

Updated the INVALID_PREFIX_REGEX to ensure that prefixes starting with a backslash are considered invalid. Previously, only multiple slashes or dot segments were explicitly disallowed at the start. Also updated the associated validation error message and unit tests to reflect this change.

gemini-code-assist

Code Review

This pull request refactors the createRedirectResponse function into its own utility file packages/angular/ssr/src/utils/redirect.ts and enhances it to support custom headers in redirect responses. The changes are well-structured and include corresponding updates to call sites and new tests. I've found a small issue with how the Vary header is being constructed which could lead to duplicate values. My suggestion addresses this to make the logic more robust.

Updates createRedirectResponse to accept an optional Record<string, string> of headers, allowing custom headers to be merged into the redirect response. The Location and Vary: X-Forwarded-Prefix headers are automatically set to ensure correct routing and proxy behavior. AngularServerApp now passes relevant headers from the matched route or response context when creating a redirect.

Refactors the `createRedirectResponse` function to use a `Set` for constructing the `Vary` header. This ensures that `X-Forwarded-Prefix` is always present exactly once, and that existing `Vary` values from provided headers are correctly parsed, deduplicated, and preserved. Updates the associated unit tests to reflect the new header order and verify the deduplication logic.

dgp1130 · 2026-03-17T17:40:53Z

This PR was merged into the repository. The changes were merged into the following branches:

20.3.x: 0a2ff0b

angular-automatic-lock-bot · 2026-04-17T00:27:12Z

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}

alan-agius4 requested a review from dgp1130 March 17, 2026 10:05

alan-agius4 added the target: lts This PR is targeting a version currently in long-term support label Mar 17, 2026

angular-robot Bot added the area: @angular/ssr label Mar 17, 2026

gemini-code-assist Bot reviewed Mar 17, 2026

View reviewed changes

Comment thread packages/angular/ssr/src/utils/redirect.ts Outdated

alan-agius4 force-pushed the prefix-url-20 branch from dc703c5 to c062207 Compare March 17, 2026 10:09

dgp1130 approved these changes Mar 17, 2026

View reviewed changes

alan-agius4 added the action: merge The PR is ready for merge by the caretaker label Mar 17, 2026

dgp1130 merged commit 0a2ff0b into angular:20.3.x Mar 17, 2026
32 of 33 checks passed

angular-automatic-lock-bot Bot locked and limited conversation to collaborators Apr 17, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(@angular/ssr): support custom headers in redirect responses [20]#32779

fix(@angular/ssr): support custom headers in redirect responses [20]#32779
dgp1130 merged 3 commits into
angular:20.3.xfrom
alan-agius4:prefix-url-20

alan-agius4 commented Mar 17, 2026

Uh oh!

gemini-code-assist Bot left a comment

Uh oh!

Uh oh!

Uh oh!

dgp1130 commented Mar 17, 2026

Uh oh!

angular-automatic-lock-bot Bot commented Apr 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

alan-agius4 commented Mar 17, 2026

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Uh oh!

dgp1130 commented Mar 17, 2026

Uh oh!

angular-automatic-lock-bot Bot commented Apr 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants