0dd94836a8 fix: add explicit checks for RSC header (#83) (#98)
d166096c39 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b719 Strip next-resume header from incoming requests (#92)
ed41d1d454 Move htmlescape to shared/lib (#91)
b4c6705c70 Ignore malformed CSP nonce headers
5b194ee2d4 router-server: guard upgrade proxy against absolute-url SSRF (#77)
66f6017f15 Escape properties for beforeInteractive scripts (#86)
f1c11203d5 [backport] Fix double-encoding of URL pathname parts in client param parsing (#93506)
af0e96ba23 Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)
6fd09bf8ab Patch setHeader for direct route handlers (#93101)
688ed31e21 Strengthen _rsc cache-busting param (#92755)
15341fdf49 Ensure x-nextjs-data header is only set during resolve (#92752)