
fix: restore non-fatal BotID checks #30

Draft
cursor[bot] wants to merge 1 commit into main from cursor/sentry-issue-regression-bfd7


cursor Bot commented Apr 14, 2026

Description

Fixes a regression in WEBVITALS-3K.

  • Root cause: checkBotId() was called unconditionally in both protected POST routes. When the BotID request arrived without the x-vercel-oidc-token header, the BotID library threw before either handler could continue or return a controlled response.
  • Regression vector: commit 9fd107e (simplify botid check) removed the Vercel-only guard and the exception handling that had been introduced by PR "Improve robustness of BotID check by handling exceptions" #9 / merge commit 5f16250ac3adf63eb8918b40465ebf8ca9c0dd7f.
  • Fix: restore the production-only BotID gate and catch BotID exceptions in /api/chat and /api/follow-up-suggestions, allowing legitimate requests to proceed when verification headers are missing while still blocking confirmed bots.

Sentry Context

Type of Change

  • Bug fix
  • New feature
  • Documentation
  • Refactoring

Verification

  • Local pnpm dev server started successfully in automation.
  • POST /api/follow-up-suggestions returned HTTP 200 locally instead of throwing the missing x-vercel-oidc-token error.
  • POST /api/chat returned HTTP 200 locally and completed its streamed response.
  • Screenshot unavailable in this automation environment; verification was performed directly against the local API routes.

Checklist

  • Tested locally
  • Types pass (pnpm check-types)
  • Linting passes (pnpm lint) — blocked by pre-existing repository-wide Biome findings unrelated to this patch

Test plan

  • Type checker passes
  • Linter passes
  • Affected code path manually verified against the local server

Restore the Vercel-only BotID guard and catch BotID lookup failures in
both POST routes. This prevents missing x-vercel-oidc-token headers
from crashing legitimate follow-up and chat requests after the
simplified BotID check reintroduced the original failure mode.

Fixes WEBVITALS-3K
Co-Authored-By: Claude <noreply@anthropic.com>

Co-authored-by: Sergiy Dybskiy <s@serg.tech>
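
The gate this PR describes (production-only check, BotID exceptions caught, confirmed bots still blocked), as an added example that is not the repository's code. `check` stands in for `checkBotId()`; the `{ isBot }` result shape, the `isProduction` flag and all function names are assumptions. Each fail-open is logged so the unverified path stays visible to monitoring.

```javascript
// Added example, not the repository's code. `check` stands in for checkBotId();
// the { isBot } result shape and the isProduction flag are assumptions.

// Pure decision step: maps the verification outcome to an allow/deny action.
function decide({ isProduction, result, error }) {
  if (!isProduction) return { allow: true, reason: "skipped-non-production" };
  // Verification could not run (e.g. missing x-vercel-oidc-token): fail open.
  if (error) return { allow: true, reason: "verification-unavailable" };
  if (result && result.isBot === true) return { allow: false, reason: "confirmed-bot" };
  return { allow: true, reason: "verified" };
}

// Async gate for a route handler. It never throws, so a BotID failure cannot
// crash the request before the handler returns a controlled response.
async function botGate(check, { isProduction = false, log = console.warn } = {}) {
  if (!isProduction) return decide({ isProduction }); // check() is not called
  try {
    return decide({ isProduction, result: await check() });
  } catch (thrown) {
    const error = thrown instanceof Error ? thrown : new Error(String(thrown));
    // Record every fail-open so a rise in unverified requests can be alerted on.
    log(`botid check failed, request allowed unverified: ${error.message}`);
    return decide({ isProduction, error });
  }
}

// Minimal POST handler shape: 403 only for a confirmed bot, 200 otherwise.
async function handlePost(check, options) {
  const gate = await botGate(check, options);
  return { status: gate.allow ? 200 : 403, gate: gate.reason };
}

// Constructed demo covering the paths described in the PR.
async function demo() {
  const quiet = { isProduction: true, log: () => {} };
  const missingHeader = async () => { throw new Error("missing x-vercel-oidc-token"); };
  return [
    await handlePost(missingHeader, { isProduction: false }),
    await handlePost(missingHeader, quiet),
    await handlePost(async () => ({ isBot: true }), quiet),
    await handlePost(async () => ({ isBot: false }), quiet),
  ];
}
```
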

vercel Bot commented Apr 14, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| webvitals-com | Ready | Preview, Comment | Apr 14, 2026 6:42pm |
| webvitals.com | Ready | Preview, Comment | Apr 14, 2026 6:42pm |
