Skip to content

chore: add debug log for failed preview mode cookie verification#90165

Open
Dustaboy3 wants to merge 4 commits intovercel:canaryfrom
Dustaboy3:patch-3
Open

chore: add debug log for failed preview mode cookie verification#90165
Dustaboy3 wants to merge 4 commits intovercel:canaryfrom
Dustaboy3:patch-3

Conversation

@Dustaboy3
Copy link

What

Adds a debug log when preview mode cookie verification fails in tryGetPreviewData.

The log is emitted using Next.js' internal debug logger and is only visible when the corresponding DEBUG namespace is enabled.

Why

Currently, JWT verification failures in preview mode are silently handled by clearing preview data and returning false.

Adding a debug log improves developer experience when troubleshooting preview/draft mode issues, without introducing production log noise.

Notes

  • Uses next/dist/compiled/debug
  • Log is behind the next:server:preview namespace
  • Does not log cookie or token contents
  • No behavioral changes

## What

Adds a debug log when preview mode cookie verification fails in
`tryGetPreviewData`.

The log is emitted using Next.js' internal `debug` logger and is only
visible when the corresponding `DEBUG` namespace is enabled.

## Why

Currently, JWT verification failures in preview mode are silently handled
by clearing preview data and returning `false`.

Adding a debug log improves developer experience when troubleshooting
preview/draft mode issues, without introducing production log noise.

## Notes

- Uses `next/dist/compiled/debug`
- Log is behind the `next:server:preview` namespace
- Does not log cookie or token contents
- No behavioral changes
@nextjs-bot
Copy link
Collaborator

Allow CI Workflow Run

  • approve CI run for commit: 8dd245b

Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer

@nextjs-bot
Copy link
Collaborator

nextjs-bot commented Feb 18, 2026

Allow CI Workflow Run

  • approve CI run for commit: 0187389

Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer

@Dustaboy3
Copy link
Author

This PR is ready for review. Could a maintainer please approve the CI workflow run?

Copy link

@suramkavyasree suramkavyasree left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❌ Code Review: Changes Requested

The code introduces a debug log for failed preview mode cookie verification, enhancing developer troubleshooting without affecting production logs. However, there are concerns about potential exposure of error details and lack of error logging in production. Additionally, there are TODO comments that may need addressing.

Issue Summary

Severity Count
⚠️ High 1
🔶 Medium 1
ℹ️ Info 2

Automated review by Code Review Agent

📋 General Comments

The following issues were found but could not be posted as inline comments (likely due to line number mismatches or being outside the PR diff context):

TODO comment found

File: packages/next/src/server/api-utils/node/try-get-preview-data.ts:32

TODO: use request metadata instead of a symbol


TODO comment found

File: packages/next/src/server/api-utils/node/try-get-preview-data.ts:107

TODO: strict runtime type checking


Remove the error object from the debug log in `tryGetPreviewData`
to avoid potential exposure of sensitive information.

The log message remains behind the DEBUG namespace and continues
to provide context for failed preview mode cookie verification
without including any error details.

No behavioral changes.
@Dustaboy3
Copy link
Author

The other TODO comments are pre-existing and out of scope for this PR.

Dustaboy3 and others added 2 commits February 19, 2026 15:29
Co-authored-by: vercel[bot] <35613825+vercel[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants

Comments