Custom status code for server-rendered pages using App Router
Unanswered
Sun bear posted this in #help-forum
Sun bearOP
I have a use case where I'd like to return an HTTP 401 status if the client tries to access a page that requires login. However, I can't seem to find a way to do this using the App Router. I can throw a generic error for a code 500, or use the not found page for 404, but I haven't found a way to specify the code directly.
Here are some past threads I found on the topic:
https://canary.discord.com/channels/752553802359505017/1077466262751412275
https://canary.discord.com/channels/752553802359505017/1100358860042158171
https://canary.discord.com/channels/752553802359505017/1108471691908227254
https://canary.discord.com/channels/752553802359505017/1118791522717007882
These seem to indicate this is not currently possible, or at least the threads in question weren't solved. Have there been any recent changes regarding this, or does someone know if a solution is being planned? Thanks!
Here are some past threads I found on the topic:
https://canary.discord.com/channels/752553802359505017/1077466262751412275
https://canary.discord.com/channels/752553802359505017/1100358860042158171
https://canary.discord.com/channels/752553802359505017/1108471691908227254
https://canary.discord.com/channels/752553802359505017/1118791522717007882
These seem to indicate this is not currently possible, or at least the threads in question weren't solved. Have there been any recent changes regarding this, or does someone know if a solution is being planned? Thanks!
25 Replies
Sun bearOP
As to why I want to return the error code: I don't want search engine crawlers to index the "You need to log in to see this page" error, which they generally won't if a non-200 code is returned.
I guess if it's not possible, I could also use the metadata object and set
{ robots: { index: false } } as a workaround
European sprat
use middleware
Sun bearOP
One of the earlier threads I linked above seemed to indicate that even if you set a return code in a middleware, it gets overwritten by Next
that said, if that's possible, would that mean that I would have to put all my auth logic in the middleware (and e.g. specify which paths require authentication)? or is there a way I could pass some data from the component (e.g. by throwing an error and catching it in a middleware) and react to that in the middleware?
European sprat
there's probably a few ways to do it, i personally read JWT cookies and then for the specific routes I want to protect return the 401 response in middleware when the JWT is invalid/doesn't exist
Sun bearOP
Alright, I'll have a play around with that. Thanks!
Sun bearOP
Unfortunately it looks like middleware might not work for me in this case, as some of my auth-related dependencies are using
node: modules which, it appears, can't be used in middleware (from what I've understood, because in Vercel they run on the edge -- I'm not hosting on Vercel, but I imagine that's why that limitation exists)?I'll open another help thread for that issue, but I'll also leave this open for other potential solutions to the status code issue specifically
European sprat
unfortunately, regardless of where it's hosted, middleware uses edge runtime
Sun bearOP
oh, that's a really unfortunate limitation
European sprat
yeah it is, for me i call a route handler API via middleware to get the user and do the auth there
because i can't just call prisma directly
Sun bearOP
I'm only using this module for one API request, so I suppose I could just rewrite that as a fetch() call instead
oh, that's smart!
Is that just a fetch() to "/api/blahblah"?
European sprat
yeah
consuming your own route handlers from the server isn't really "good practice" (it shouldn't be done in RSC at all) but sometimes it's the only option in middleware
Sun bearOP
yeah, gotta work with what you have
European sprat
i really don't understand why we can't set the runtime on middleware like we can on route handlers
Sun bearOP
thanks for the help anyway! I'll give that a try and see how it goes
European sprat
np good luck
Sun bearOP
I imagine I'll have to pass the cookies from NextRequest along with the call to the route handler
European sprat
yeah
Sun bearOP
Ok, that seems to work! But I also noticed that the status code set in NextResponse.rewrite() is being overwritten.. so I'm back to my original problem. But at least I can set noindex in the metadata for the error pages that I'm rewriting to, so that works as a workaround for now.