Skip to content

fix(express): add empty path fallback for frontendApiProxy#8003

Open
jacekradko wants to merge 3 commits intomainfrom
jacek/fix-express-proxy-path-guard
Open

fix(express): add empty path fallback for frontendApiProxy#8003
jacekradko wants to merge 3 commits intomainfrom
jacek/fix-express-proxy-path-guard

Conversation

@jacekradko
Copy link
Member

@jacekradko jacekradko commented Mar 6, 2026
edited by coderabbitai bot
Loading

Summary

  • Fix missing empty-string fallback for frontendApiProxy.path in Express middleware
  • When path is set to '/', stripTrailingSlashes returns '', causing pathname.startsWith('') to match every request as a proxy request
  • Adds || DEFAULT_PROXY_PATH guard to match the existing pattern in @clerk/hono and @clerk/fastify

Test plan

  • Verify pnpm build passes
  • Verify existing Express proxy tests pass

Summary by CodeRabbit

  • Bug Fixes

    • Resolved an issue where the express proxy could incorrectly intercept all requests when its configured path resolved to an empty string, restoring correct routing and preventing unintended interception.

  • Tests

    • Added tests to verify the proxy fallback behavior and ensure non-proxy routes remain unaffected when the configured path is empty.

  • Documentation

    • Added a changelog entry documenting the patch release.

@jacekradko
fix(express): add empty path fallback for frontendApiProxy
f5d7a43 
When `frontendApiProxy.path` is set to '/', `stripTrailingSlashes`
returns an empty string, causing every request to be intercepted as
a proxy request. Add `|| DEFAULT_PROXY_PATH` fallback to match the
existing guard in the hono and fastify packages.
@vercel
Copy link

vercel bot commented Mar 6, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
clerk-js-sandbox Skipped Skipped Mar 6, 2026 4:11pm

Request Review

@changeset-bot
Copy link

changeset-bot bot commented Mar 6, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 08c1d22

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@clerk/express Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@pkg-pr-new
Copy link

pkg-pr-new bot commented Mar 6, 2026
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@8003

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8003

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8003

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8003

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8003

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@8003

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8003

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8003

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8003

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8003

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8003

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8003

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8003

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8003

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8003

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8003

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8003

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8003

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8003

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8003

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8003

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8003

commit: 08c1d22

@jacekradko jacekradko requested a review from brkalow March 6, 2026 16:07
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 6, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 0e9af587-94c0-4de7-8d74-a724725a8cd5

📥 Commits

Reviewing files that changed from the base of the PR and between 98161b0 and 08c1d22.

📒 Files selected for processing (1)
  • packages/express/src/__tests__/clerkMiddleware.test.ts
📝 Walkthrough

Walkthrough

Adds a fallback for an empty frontend API proxy path: when the configured proxy path becomes an empty string after trimming, the code uses DEFAULT_PROXY_PATH instead of the empty value. Adds tests covering this behavior and a changeset entry documenting a patch release for the clerk/express package.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely describes the main change: adding an empty path fallback for frontendApiProxy in Express middleware.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brkalow brkalow brkalow approved these changes

Assignees

No one assigned

Labels

express

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jacekradko @brkalow