fix: prevent Hono from overriding global Response object (v1.x) (#1411)

Author: mattzcarey

package-lock.json

@@ -86,7 +86,7 @@
         "client": "tsx scripts/cli.ts client"
     },
     "dependencies": {
-        "@hono/node-server": "^1.19.7",
+        "@hono/node-server": "^1.19.9",
         "ajv": "^8.17.1",
         "ajv-formats": "^3.0.1",
         "content-type": "^1.0.5",

package.json

@@ -78,14 +78,19 @@ export class StreamableHTTPServerTransport implements Transport {
 
         // Create a request listener that wraps the web standard transport
         // getRequestListener converts Node.js HTTP to Web Standard and properly handles SSE streaming
-        this._requestListener = getRequestListener(async (webRequest: Request) => {
-            // Get context if available (set during handleRequest)
-            const context = this._requestContext.get(webRequest);
-            return this._webStandardTransport.handleRequest(webRequest, {
-                authInfo: context?.authInfo,
-                parsedBody: context?.parsedBody
-            });
-        });
+        // overrideGlobalObjects: false prevents Hono from overwriting global Response, which would
+        // break frameworks like Next.js whose response classes extend the native Response
+        this._requestListener = getRequestListener(
+            async (webRequest: Request) => {
+                // Get context if available (set during handleRequest)
+                const context = this._requestContext.get(webRequest);
+                return this._webStandardTransport.handleRequest(webRequest, {
+                    authInfo: context?.authInfo,
+                    parsedBody: context?.parsedBody
+                });
+            },
+            { overrideGlobalObjects: false }
+        );
     }
 
     /**
@@ -166,12 +171,17 @@ export class StreamableHTTPServerTransport implements Transport {
         const authInfo = req.auth;
 
         // Create a custom handler that includes our context
-        const handler = getRequestListener(async (webRequest: Request) => {
-            return this._webStandardTransport.handleRequest(webRequest, {
-                authInfo,
-                parsedBody
-            });
-        });
+        // overrideGlobalObjects: false prevents Hono from overwriting global Response, which would
+        // break frameworks like Next.js whose response classes extend the native Response
+        const handler = getRequestListener(
+            async (webRequest: Request) => {
+                return this._webStandardTransport.handleRequest(webRequest, {
+                    authInfo,
+                    parsedBody
+                });
+            },
+            { overrideGlobalObjects: false }
+        );
 
         // Delegate to the request listener which handles all the Node.js <-> Web Standard conversion
         // including proper SSE streaming support

src/server/streamableHttp.ts

@@ -2910,6 +2910,89 @@ describe.each(zodTestMatrix)('$zodVersionLabel', (entry: ZodMatrixEntry) => {
     });
 });
 
+describe('StreamableHTTPServerTransport global Response preservation', () => {
+    it('should not override the global Response object', () => {
+        // Store reference to the original global Response constructor
+        const OriginalResponse = globalThis.Response;
+
+        // Create a custom class that extends Response (similar to Next.js's NextResponse)
+        class CustomResponse extends Response {
+            customProperty = 'test';
+        }
+
+        // Verify instanceof works before creating transport
+        const customResponseBefore = new CustomResponse('test body');
+        expect(customResponseBefore instanceof Response).toBe(true);
+        expect(customResponseBefore instanceof OriginalResponse).toBe(true);
+
+        // Create the transport - this should NOT override globalThis.Response
+        const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: () => randomUUID()
+        });
+
+        // Verify the global Response is still the original
+        expect(globalThis.Response).toBe(OriginalResponse);
+
+        // Verify instanceof still works after creating transport
+        const customResponseAfter = new CustomResponse('test body');
+        expect(customResponseAfter instanceof Response).toBe(true);
+        expect(customResponseAfter instanceof OriginalResponse).toBe(true);
+
+        // Verify that instances created before transport initialization still work
+        expect(customResponseBefore instanceof Response).toBe(true);
+
+        // Clean up
+        transport.close();
+    });
+
+    it('should not override the global Response object when calling handleRequest', async () => {
+        // Store reference to the original global Response constructor
+        const OriginalResponse = globalThis.Response;
+
+        // Create a custom class that extends Response
+        class CustomResponse extends Response {
+            customProperty = 'test';
+        }
+
+        const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: () => randomUUID()
+        });
+
+        // Create a mock server to test handleRequest
+        const port = await getFreePort();
+        const httpServer = createServer(async (req, res) => {
+            await transport.handleRequest(req as IncomingMessage & { auth?: AuthInfo }, res);
+        });
+
+        await new Promise<void>(resolve => {
+            httpServer.listen(port, () => resolve());
+        });
+
+        try {
+            // Make a request to trigger handleRequest
+            await fetch(`http://localhost:${port}`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Accept: 'application/json, text/event-stream'
+                },
+                body: JSON.stringify(TEST_MESSAGES.initialize)
+            });
+
+            // Verify the global Response is still the original after handleRequest
+            expect(globalThis.Response).toBe(OriginalResponse);
+
+            // Verify instanceof still works
+            const customResponse = new CustomResponse('test body');
+            expect(customResponse instanceof Response).toBe(true);
+            expect(customResponse instanceof OriginalResponse).toBe(true);
+        } finally {
+            await transport.close();
+            httpServer.close();
+        }
+    });
+});
+
 /**
  * Helper to create test server with DNS rebinding protection options
  */