Link to the code that reproduces this issue
https://github.com/neptunus/nextjs-bad-decode
To Reproduce
- run
pnpm run or pnpm build && pnpm start
- navigate to the front page of the demo
- click the links to see different test cases
-- OR --
In any running NextJs app, load any dynamic segment with %A0 in the slug—for example: example.com/foo/%A0
Current vs. Expected behavior
I expected the bad link, which contains an un-decodable entity, to resolve in the same way as the good ones; probably just escaping the percentage sign (as happens with valid encoded characters such as %20)
Loads fine and escapes entities:
foo/this%20is%20fine
Instead, dev resolves to a 400 error and prod resolves to a 500.
You won't see this because the app throws an error:
foo/bar%A0
I expect no un-decodable entities at all to cause a 500 error.
This gets picked up by error-logging apparatuses, causing noise.
Provide environment information
Operating System:
Platform: darwin
Arch: arm64
Version: Darwin Kernel Version 24.6.0: Wed Nov 5 21:33:58 PST 2025; root:xnu-11417.140.69.705.2~1/RELEASE_ARM64_T6000
Available memory (MB): 32768
Available CPU cores: 10
Binaries:
Node: 22.22.0
npm: 10.9.4
Yarn: 1.22.21
pnpm: 8.15.9
Relevant Packages:
next: 16.2.1-canary.26 // Latest available version is detected (16.2.1-canary.26).
eslint-config-next: N/A
react: 19.2.4
react-dom: 19.2.4
typescript: 5.9.3
Next.js Config:
output: N/A
Which area(s) are affected? (Select all that apply)
Dynamic Routes, Error Handling
Which stage(s) are affected? (Select all that apply)
next dev (local), next build (local), next start (local), Vercel (Deployed), Other (Deployed)
Additional context
This problem can be dealt with by redirecting using proxy.ts, but that's a level of overhead I'd rather not have to handle.
Link to the code that reproduces this issue
https://github.com/neptunus/nextjs-bad-decode
To Reproduce
pnpm runorpnpm build && pnpm start-- OR --
In any running NextJs app, load any dynamic segment with
%A0in the slug—for example:example.com/foo/%A0Current vs. Expected behavior
I expected the bad link, which contains an un-decodable entity, to resolve in the same way as the good ones; probably just escaping the percentage sign (as happens with valid encoded characters such as
%20)Loads fine and escapes entities:
Instead, dev resolves to a 400 error and prod resolves to a 500.
You won't see this because the app throws an error:
I expect no un-decodable entities at all to cause a 500 error.
This gets picked up by error-logging apparatuses, causing noise.
Provide environment information
Operating System: Platform: darwin Arch: arm64 Version: Darwin Kernel Version 24.6.0: Wed Nov 5 21:33:58 PST 2025; root:xnu-11417.140.69.705.2~1/RELEASE_ARM64_T6000 Available memory (MB): 32768 Available CPU cores: 10 Binaries: Node: 22.22.0 npm: 10.9.4 Yarn: 1.22.21 pnpm: 8.15.9 Relevant Packages: next: 16.2.1-canary.26 // Latest available version is detected (16.2.1-canary.26). eslint-config-next: N/A react: 19.2.4 react-dom: 19.2.4 typescript: 5.9.3 Next.js Config: output: N/AWhich area(s) are affected? (Select all that apply)
Dynamic Routes, Error Handling
Which stage(s) are affected? (Select all that apply)
next dev (local), next build (local), next start (local), Vercel (Deployed), Other (Deployed)
Additional context
This problem can be dealt with by redirecting using
proxy.ts, but that's a level of overhead I'd rather not have to handle.