fix(backend,nextjs,remix,clerk-sdk-node): Allow for a preferred host source.

[tmilewski]

Description

An upstream change vercel/next.js#58500 in the handling of X-Forwarded-Host caused a number of issues for our URL parsing methods.

The upstream change was that, if empty, Next was setting the X-Forwarded-Host header.

The root issue on our end was that we prefer the X-Forwarded-Host header, if present, over Host.

In an effort to avoid future complications, I've made the following changes:

• Remove url from authMiddleware debug logging.
  • It was set to the exact same value as nextUrl and ultimately causing confusion.
• Extend the root buildOrigin and buildRequestUrl functions in @clerk/backend to support a preferred host source.
  • { hostPreference: "default" }: Use Host if available; Otherwise X-Forwarded-Host.
  • { hostPreference: "forwarded" }: Use X-Forwarded-Host if available; Otherwise Host.
• Updated call-sites in other packages so that they operate in the same fashion prior to this PR.

Checklist

• npm test runs as expected.
• npm run build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Packages affected

• @clerk/backend
• @clerk/chrome-extension
• @clerk/clerk-js
• @clerk/clerk-expo
• @clerk/fastify
• gatsby-plugin-clerk
• @clerk/localizations
• @clerk/nextjs
• @clerk/clerk-react
• @clerk/remix
• @clerk/clerk-sdk-node
• @clerk/shared
• @clerk/themes
• @clerk/types
• build/tooling/chore

[changeset-bot]

🦋 Changeset detected

Latest commit: 8356d44

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages

Name	Type
@clerk/clerk-sdk-node	Patch
@clerk/backend	Patch
@clerk/nextjs	Patch
@clerk/remix	Patch
gatsby-plugin-clerk	Patch
@clerk/fastify	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[tmilewski]

!snapshot

[clerk-cookie]

Hey @tmilewski - the snapshot version command generated the following package versions:

Package	Version
@clerk/backend	1.0.1-snapshot.v8356d44
@clerk/chrome-extension	1.0.1-snapshot.v8356d44
@clerk/clerk-js	5.0.1-snapshot.v8356d44
@clerk/clerk-expo	1.0.1-snapshot.v8356d44
@clerk/fastify	1.0.1-snapshot.v8356d44
gatsby-plugin-clerk	5.0.1-snapshot.v8356d44
@clerk/localizations	2.0.1-snapshot.v8356d44
@clerk/nextjs	5.0.1-snapshot.v8356d44
@clerk/clerk-react	5.0.1-snapshot.v8356d44
@clerk/remix	4.0.1-snapshot.v8356d44
@clerk/clerk-sdk-node	5.0.1-snapshot.v8356d44
@clerk/shared	2.0.1-snapshot.v8356d44
@clerk/themes	2.0.1-snapshot.v8356d44
@clerk/types	4.0.1-snapshot.v8356d44

Tip: Use the snippet copy button below to quickly install the required packages.
@clerk/backend

npm i @clerk/backend@1.0.1-snapshot.v8356d44 --save-exact

@clerk/chrome-extension

npm i @clerk/chrome-extension@1.0.1-snapshot.v8356d44 --save-exact

@clerk/clerk-js

npm i @clerk/clerk-js@5.0.1-snapshot.v8356d44 --save-exact

@clerk/clerk-expo

npm i @clerk/clerk-expo@1.0.1-snapshot.v8356d44 --save-exact

@clerk/fastify

npm i @clerk/fastify@1.0.1-snapshot.v8356d44 --save-exact

gatsby-plugin-clerk

npm i gatsby-plugin-clerk@5.0.1-snapshot.v8356d44 --save-exact

@clerk/localizations

npm i @clerk/localizations@2.0.1-snapshot.v8356d44 --save-exact

@clerk/nextjs

npm i @clerk/nextjs@5.0.1-snapshot.v8356d44 --save-exact

@clerk/clerk-react

npm i @clerk/clerk-react@5.0.1-snapshot.v8356d44 --save-exact

@clerk/remix

npm i @clerk/remix@4.0.1-snapshot.v8356d44 --save-exact

@clerk/clerk-sdk-node

npm i @clerk/clerk-sdk-node@5.0.1-snapshot.v8356d44 --save-exact

@clerk/shared

npm i @clerk/shared@2.0.1-snapshot.v8356d44 --save-exact

@clerk/themes

npm i @clerk/themes@2.0.1-snapshot.v8356d44 --save-exact

@clerk/types

npm i @clerk/types@4.0.1-snapshot.v8356d44 --save-exact

[nikosdouvlis]

I think that x-forwarded-host should always have priority.
Before we move ahead with this PR, could you please share a repo where clerkUrl is correct while the headers are not?