nextjs-redirect-request-url
Redirect uses request.url as URL base, which is wrong behind a reverse proxy.
Applies to: JavaScript, TypeScript
Why this matters
When a Next.js app runs behind a reverse proxy, load balancer, or in Docker, request.url contains the internal hostname (e.g., http://localhost:3000). Using it as the base for new URL() in redirects sends users to the internal host instead of your public domain. Use process.env.NEXT_PUBLIC_APP_URL or a similar env var as the base URL instead.
Catch it before it ships
pip install stablestack # or: npx stablestackstablestack # scans your project, FRONT004 includedstablestack explain FRONT004FRONT004 is part of the Pro rule set. See pricing — the free tier ships 24 checks with no signup.
False positive in your codebase? Suppress a single line with # noqa: FRONT004
More Frontend checks
tabs-url-routing
MUI Tabs should use URL routing via useSearchParams for bookmarkable/shareable tabs.
FRONT002window-ssr-unsafe
Accessing window/document without SSR check causes server-side errors
FRONT003inline-jsx-handler
Inline arrow functions in JSX cause unnecessary re-renders
FRONT005useeffect-side-effect-unguarded
useEffect contains a mutating HTTP call without a guard against double-firing.
FRONT006stale-time-dependent-ui
Time-dependent filtering without a re-render timer will show stale data.
FRONT007unbounded-ai-output
AI/LLM output rendered in JSX without truncation or overflow handling.
FRONT008loading-returns-null
Returning null during loading causes layout shift and flash of empty content.
FRONT009eager-queries-no-defer
3+ query hooks all firing on mount with no deferred loading.