fix(vite): respect vite proxy in dev middleware

[danielroe]

resolves #33597

🔗 Linked issue

📚 Description

not entirely sure why this was working before 🤔

this will be much simplified when we can use nitro as a vite dev environment

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[pkg-pr-new]

Open in StackBlitz

@nuxt/kit

npm i https://pkg.pr.new/@nuxt/kit@33670

nuxt

npm i https://pkg.pr.new/nuxt@33670

@nuxt/rspack-builder

npm i https://pkg.pr.new/@nuxt/rspack-builder@33670

@nuxt/schema

npm i https://pkg.pr.new/@nuxt/schema@33670

@nuxt/vite-builder

npm i https://pkg.pr.new/@nuxt/vite-builder@33670

@nuxt/webpack-builder

npm i https://pkg.pr.new/@nuxt/webpack-builder@33670

commit: 8aef143

[coderabbitai]

Walkthrough

Reworks the Vite dev-server middleware to use a lazily defined event handler, computing proxy patterns from viteServer.config.server.proxy (supporting string prefixes and validated regexes) and adding an isProxyPath check. Request routing logic now computes isBasePath and determines isViteRoute by combining base-path, per-request Vite routes and proxy awareness. Handlers set event.node.req._skip_transform for non-Vite or proxied requests; CORS and Vary header handling and existing 404 behaviour are preserved within the new control flow.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–30 minutes

• Correctness and edge cases of proxyPatterns extraction from viteServer.config.server.proxy (string vs regex, invalid entries).
• Behaviour and performance of isProxyPath matching against request URLs and interaction with base-path checks.
• Interaction between the new lazy event handler flow and the existing Vite route collection; ensure no regressions when viteServer or config are absent.
• Proper preservation of CORS, Vary header handling and the existing 404/throwing conditions within the refactored control flow.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: fixing Vite proxy handling in the dev middleware.
Description check	✅ Passed	The description is related to the changeset, referencing the linked issue and explaining the fix involves respecting Vite proxy configuration.
Linked Issues check	✅ Passed	The code changes directly address the requirement from issue #33597: respecting vite.server.proxy configuration to proxy requests to target servers rather than handling them with Nuxt.
Out of Scope Changes check	✅ Passed	All changes in the dev-server.ts file are focused on implementing proxy path awareness and routing logic to respect Vite proxy configuration, which is directly in scope.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/vite-proxy

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8b8cfca and 8aef143.

📒 Files selected for processing (1)

• packages/vite/src/plugins/dev-server.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Follow standard TypeScript conventions and best practices

Files:

• packages/vite/src/plugins/dev-server.ts

🧠 Learnings (2)

📚 Learning: 2024-11-28T21:22:40.496Z

Learnt from: GalacticHypernova
Repo: nuxt/nuxt PR: 29661
File: packages/kit/src/template.ts:227-229
Timestamp: 2024-11-28T21:22:40.496Z
Learning: In `packages/kit/src/template.ts`, when updating the `EXTENSION_RE` regular expression for TypeScript configuration, avoid using patterns like `(\.\w+)+$` as they can result in catastrophic backtracking.

Applied to files:

• packages/vite/src/plugins/dev-server.ts

📚 Learning: 2025-04-18T18:33:41.753Z

Learnt from: TheAlexLichter
Repo: nuxt/nuxt PR: 31812
File: packages/nuxt/src/components/plugins/islands-transform.ts:202-202
Timestamp: 2025-04-18T18:33:41.753Z
Learning: In Nuxt, using `rolldownVersion` (not `rollupVersion`) is intentional when detecting if rolldown-vite is being used, even though TypeScript may show an error because the property isn't in standard type definitions yet.

Applied to files:

• packages/vite/src/plugins/dev-server.ts

🪛 ast-grep (0.39.7)

packages/vite/src/plugins/dev-server.ts

[warning] 118-118: Regular expression constructed from variable input detected. This can lead to Regular Expression Denial of Service (ReDoS) attacks if the variable contains malicious patterns. Use libraries like 'recheck' to validate regex safety or use static patterns.
Context: new RegExp(key)
Note: [CWE-1333] Inefficient Regular Expression Complexity [REFERENCES]
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html

(regexp-from-variable)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build
• GitHub Check: code

🔇 Additional comments (1)

packages/vite/src/plugins/dev-server.ts (1)

117-155: Proxy regex handling restores Vite parity.

Thanks for parsing the proxy table up front and covering both string prefixes and the ^-prefixed regex keys—this now mirrors how Vite delegates to http-proxy, so regex-based proxy entries work again. (v3.vitejs.dev)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b5d771 and 8b8cfca.

📒 Files selected for processing (1)

• packages/vite/src/plugins/dev-server.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Follow standard TypeScript conventions and best practices

Files:

• packages/vite/src/plugins/dev-server.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (17)

• GitHub Check: test-fixtures (windows-latest, built, vite, async, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, built, vite, default, manifest-off, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, built, rspack, default, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, built, webpack, async, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (windows-latest, dev, vite, default, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, built, vite-env-api, async, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, dev, vite, async, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, built, vite, async, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, dev, vite-env-api, async, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, dev, vite, default, manifest-on, json, lts/-1)
• GitHub Check: test-fixtures (ubuntu-latest, dev, vite, default, manifest-off, json, lts/-1)
• GitHub Check: release-pkg-pr-new
• GitHub Check: typecheck (ubuntu-latest, bundler)
• GitHub Check: typecheck (windows-latest, bundler)
• GitHub Check: test-size
• GitHub Check: test-benchmark
• GitHub Check: code

🔇 Additional comments (3)

packages/vite/src/plugins/dev-server.ts (3)

124-124: LGTM!

Computing isBasePath upfront improves code clarity. The non-null assertion on viteServer.config.base is safe, as Vite always provides a default value of '/'.

---

125-132: LGTM!

Guarding the vite route collection with the isBasePath check is a sensible optimization that prevents unnecessary processing for base path requests.

---

133-133: LGTM!

The additional !isProxyPath(event.path) condition correctly prevents proxy-destined requests from being marked to skip transform. This ensures they're handled by Vite's proxy middleware, which directly addresses the regression described in issue #33597.

[codspeed-hq]

CodSpeed Performance Report

Merging #33670 will not alter performance

_{Comparing fix/vite-proxy (8aef143) with main (6b5d771)}

Summary

✅ 10 untouched