fix(dev): route asset-extensioned and query-suffixed URLs through Nitro when a route matches

[harshagarwalnyu]

Problem

Two related regressions in nitroDevMiddlewarePre (introduced around #4238):

1. Asset-extension routing (Vite dev middleware swallows asset-extensioned URLs #4252, Regression - Sec-fetch-dest: image header causes 404 on API-served images (regression in 3.0.260429-beta) #4241): URLs with asset-like extensions (.jpg, .png, …) are intercepted by Vite's static middleware even when an explicit Nitro route matches. <img src="/api/photos/12345.jpg"> with sec-fetch-dest: image returns a 404 from serve-static instead of reaching the handler.

2. Vite query suffix externalization: Imports with Vite-specific query suffixes (?url, ?raw, ?inline, ?worker) in SSR environments are incorrectly externalized rather than being routed through Vite's asset plugin pipeline.

Root Cause

Issue 1 (configureViteDevServer):
The current nitroWins logic applies the asset-extension guard uniformly to all Nitro routes. A root-level wildcard (/**) can legitimately swallow Vite's own <script src=".../entry.ts"> requests, so it needs the guard. But a prefixed route like /api/photos/** never matches Vite-managed paths — the guard should not apply to it.

Issue 2 (FetchableDevEnvironment.fetchModule; env.ts):
Imports with Vite query suffixes (?url etc.) are treated as bare module imports and fall through to the external resolver, which marks them as external and bypasses Vite's asset plugins entirely.

Fix

Routing fix

Extracts the matched route pattern from nitroRouteMatch and checks whether it is a root wildcard (/** / /**:). Only root wildcards get the asset-extension guard; all other explicit routes always win:

const isRootWildcard =
  matchedRoutePattern === "/**" ||
  matchedRoutePattern?.startsWith("/**:");
const nitroWins = isNitroRoute && (!isRootWildcard || !(isAssetByExt && treatAsAsset));

Query import fix

• Adds ?url|raw|inline|worker to noExternal so the bundler does not externalize these imports.
• In fetchModule, detects hasQuery and forces query-suffixed imports through resolveId → transformRequest even when preventExternalize is not set.

Tests

Seven integration tests in test/vite/baseurl-dotted-param.test.ts cover:

• Dotted path params (e.g. v1.2.3)
• Extensionless URLs with sec-fetch-dest: image
• Prefixed splat + asset extension (/api/** + .jpg)
• Root wildcard does NOT swallow Vite asset serves
• Root wildcard DOES handle non-asset extensions
• Query string with asset extension
• Accept: text/html navigation override

All 7 pass. pnpm fmt and pnpm typecheck clean.

Related

• Closes Vite dev middleware swallows asset-extensioned URLs #4252 — Vite dev middleware swallows asset-extensioned URLs
• Related to Regression - Sec-fetch-dest: image header causes 404 on API-served images (regression in 3.0.260429-beta) #4241 — sec-fetch-dest: image causes 404 on API-served images
• Related to Accessing via a non-localhost URL breaks vite dev server #4234 — Non-localhost URL breaks vite dev server

[vercel]

@harshagarwalnyu is attempting to deploy a commit to the Nitro Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 975ef560-f79a-4087-b395-585b668e3753

📥 Commits

Reviewing files that changed from the base of the PR and between 971d054 and 34ead56.

📒 Files selected for processing (1)

• src/build/vite/dev.ts

---

📝 Walkthrough

Walkthrough

Refines Vite dev behavior: treat Vite query-suffixed imports as non-external and resolvable by the plugin container; change nitroDevMiddlewarePre to match Nitro routes by pathname so explicit Nitro routes win over Vite asset heuristics while root wildcards retain asset suppression.

Changes

Asset-Extensioned Route Matching Fix

Layer / File(s)	Summary
Module resolution noExternal configuration src/build/vite/env.ts	Adds regex matcher to dev-mode resolve.noExternal list to identify Vite-resolved module requests with query suffixes (?url, ?raw, ?inline, ?worker) as non-external.
FetchableDevEnvironment query-suffix interception src/build/vite/dev.ts	Updates fetchModule to intercept module imports with Vite query suffixes (in addition to preventExternalize), resolving them via pluginContainer.resolveId and accepting the result when non-external or when the original request included a Vite query suffix.
Dev middleware route precedence logic src/build/vite/dev.ts	Refactors nitroDevMiddlewarePre to compute a request pathname, match Nitro routes to derive the matched pattern (explicit vs root-wildcard), and set nitroWins so explicit Nitro routes handle asset-tagged requests while preserving root-wildcard suppression for asset loads.
Test fixture and route-precedence assertions test/vite/baseurl-dotted-param-fixture/routes/[...path].ts, test/vite/baseurl-dotted-param.test.ts	Adds a root-wildcard route fixture and replaces a prior test with three assertions validating that prefixed splat Nitro routes override Vite asset handling, root wildcards preserve asset suppression, and root wildcards swallow non-asset URLs.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• nitrojs/nitro#3817: Modifies src/build/vite/dev.ts nitroDevMiddlewarePre routing logic to adjust when the dev middleware should be skipped.
• nitrojs/nitro#3854: Changes dev resolve.noExternal/external dependency handling in src/build/vite/env.ts (related to treating certain imports as non-external).
• nitrojs/nitro#4238: Adjusts dev middleware routing and tests around asset request handling when sec-fetch-dest is absent.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows conventional commits format with 'fix' type and clear scope (dev), describing the main change about routing asset-extensioned and query-suffixed URLs through Nitro when a route matches.
Description check	✅ Passed	The PR description comprehensively explains both problems, root causes, the implemented fixes, and test coverage, all directly related to the code changes in the changeset.
Linked Issues check	✅ Passed	The PR fully addresses the coding requirements from #4252: it restores matching Nitro route behavior for asset-extensioned URLs, avoids unconditional req._nitroHandled poisoning, and adds query-suffix handling through noExternal and fetchModule interception.
Out of Scope Changes check	✅ Passed	All changes directly address the stated objectives: routing fixes in dev.ts and env.ts, test fixture and test suite additions for validation, with no extraneous modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

⚔️ Resolve merge conflicts

• Resolve merge conflict in branch fix/dev-middleware-asset-ext-swallows-routes

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR adjusts Vite dev-mode routing/externalization behavior so Vite query-suffixed imports (e.g. ?url) and Nitro wildcard routes interact correctly under baseURL, and adds regression coverage for the updated routing rules.

Changes:

• Add dev-env interception for query-suffixed module IDs so Vite asset plugins handle them rather than SSR externalization.
• Refine dev server routing so root-level wildcards don’t swallow Vite asset-extension requests, while prefixed splat Nitro routes can still win.
• Expand test coverage and add a root catch-all Nitro fixture route for routing regressions.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
test/vite/baseurl-dotted-param.test.ts	Updates/adds regression tests for Nitro vs Vite routing under baseURL (root wildcard vs prefixed splat behavior).
test/vite/baseurl-dotted-param-fixture/routes/[...path].ts	Adds a root wildcard Nitro route fixture used to validate wildcard routing behavior.
src/build/vite/env.ts	Extends the noExternal configuration to account for Vite query suffixes.
src/build/vite/dev.ts	Adjusts module fetching/externalization logic for query IDs and refines Nitro-vs-Vite routing decisions for wildcard routes.

[harshagarwalnyu]

Fixed in 34ead56: extracted VITE_QUERY_RE = /\?(url|raw|inline|worker)(?:&|$)/ as a module-level constant and replaced hasQuery with hasViteQuery, keeping the behavior consistent with the noExternal pattern in env.ts.

[pi0]

Have you seen #4272 ? what is diffenet from #4266 (comment) ?

[pi0]

Closing as

1. pr is stalled
2. it very much looks like AI code without human in loop
3. likely has not been tested against latest nightly or lacks reproduction of what is remaining