add additional x-middleware-set-cookie filtering (#75561)

ztanner · ztanner · commit 15ce69052f1f · 2025-02-10T08:32:49.000-08:00
Previously when we removed this from the response we only did so for
requests that flowed through middleware and static handlers. We should
ensure it's filtered in `sendResponse` as well. The header is only
needed internally.
diff --git a/packages/next/src/server/send-response.ts b/packages/next/src/server/send-response.ts
@@ -25,6 +25,11 @@ export async function sendResponse(
 
     // Copy over the response headers.
     response.headers?.forEach((value, name) => {
+      // `x-middleware-set-cookie` is an internal header not needed for the response
+      if (name.toLowerCase() === 'x-middleware-set-cookie') {
+        return
+      }
+
       // The append handling is special cased for `set-cookie`.
       if (name.toLowerCase() === 'set-cookie') {
         // TODO: (wyattjoh) replace with native response iteration when we can upgrade undici
diff --git a/test/e2e/app-dir/app-middleware/app/cookies/api/route.js b/test/e2e/app-dir/app-middleware/app/cookies/api/route.js
@@ -0,0 +1,11 @@
+import { NextResponse } from 'next/server'
+
+export function GET() {
+  const response = new NextResponse()
+  response.cookies.set({
+    name: 'example',
+    value: 'example',
+  })
+
+  return response
+}
