Commit 6c41d3e
fix(web): reject stale Server Action POSTs in middleware (real fix)
Replaces the console.error filter (which only hid the log noise) with
middleware that short-circuits the requests causing the leak in the
first place. Any POST carrying a Next-Action header against this bundle
is by definition stale — no `use server` directives exist in the
codebase, so the action ID can only have come from a previously deployed
build cached on the client or replayed by bots.
Returning 410 Gone before the request reaches Next's internal handler
prevents the InvariantError path that was retaining per-request RSS
under bot pressure (memory climbed 100MB → 1.35GB in ~13h on
threatcrush.com on 2026-05-12 before this).
Deletes apps/web/instrumentation.ts — it existed only to host the
console.error suppression added in 14f9816, and Sentry instrumentation
was already gone.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent 14f9816 commit 6c41d3e
2 files changed
Lines changed: 19 additions & 18 deletions
This file was deleted.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
0 commit comments