Add afsrc=1 query param for partner links

[steven-tey]

x-ref: https://blog.pie.org/afsrc-1-a-simple-option-for-consistent-stand-down-in-affiliate-marketing/

Summary by CodeRabbit

Release Notes

• Tests
  • Expanded test coverage for URL parameter validation in redirect operations

---

Summary: URL redirect parameter handling has been enhanced. When certain redirect conditions are met, additional query parameters are now included in destination URLs. Test validation has been updated to verify this parameter behavior and ensure proper URL construction consistency.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dub	Ready	Preview	Apr 14, 2026 6:33am

[coderabbitai]

📝 Walkthrough

Walkthrough

Two files were modified to add an afsrc=1 query parameter to redirect URLs when a via parameter is present. The implementation was updated in the redirect utility function, and a corresponding test assertion was added to verify this behavior.

Changes

Cohort / File(s)	Summary
Redirect URL Generation apps/web/lib/middleware/utils/get-final-url.ts, apps/web/tests/redirects/index.test.ts	Added afsrc=1 query parameter to redirect URLs alongside the via parameter. Updated test assertion to verify the new parameter is present when via is provided.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A parameter hops in with flair,
afsrc=1 floats through the air,
With via they dance, a perfect pair,
Our redirects now have extra care! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add afsrc=1 query param for partner links' directly and clearly describes the main change: adding an afsrc=1 query parameter to partner links, which is confirmed by the file changes and PR objectives.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch afsrc

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

apps/web/tests/redirects/index.test.ts (1)

30-33: Add a regression case for via/afsrc override attempts.

Nice happy-path assertion. Please add one case with incoming ?via=spoof&afsrc=0 and assert the redirect still ends with partner via and afsrc=1 to lock this behavior.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/tests/redirects/index.test.ts` around lines 30 - 33, Add a
regression test that covers an incoming query trying to override via/afsrc: call
the same test helper/path used to produce redirectUrl but include an incoming
query string like "?via=spoof&afsrc=0", then assert that
redirectUrl.searchParams.get("via") equals the expected partner value (not
"spoof") and that redirectUrl.searchParams.get("afsrc") equals "1"; place this
alongside the existing happy-path assertions (the code around options?.via and
redirectUrl) to lock the behavior against override attempts.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/web/lib/middleware/utils/get-final-url.ts`:
- Around line 36-39: Ensure partner parameters 'via' and 'afsrc' cannot be
overridden by incoming query params: when merging passthrough query parameters
into urlObj.searchParams (the merge loop currently around the passthrough
logic), skip keys 'via' and 'afsrc' (i.e., do not set/overwrite
urlObj.searchParams for those keys) or move the code that sets
urlObj.searchParams.set("via", via) and urlObj.searchParams.set("afsrc","1") to
run after the passthrough merge in get-final-url.ts so that urlObj.searchParams
always ends up with the intended partner values; reference the existing
urlObj.searchParams usage and the passthrough merge block (the loop that applies
incoming query params) to implement the fix.

---

Nitpick comments:
In `@apps/web/tests/redirects/index.test.ts`:
- Around line 30-33: Add a regression test that covers an incoming query trying
to override via/afsrc: call the same test helper/path used to produce
redirectUrl but include an incoming query string like "?via=spoof&afsrc=0", then
assert that redirectUrl.searchParams.get("via") equals the expected partner
value (not "spoof") and that redirectUrl.searchParams.get("afsrc") equals "1";
place this alongside the existing happy-path assertions (the code around
options?.via and redirectUrl) to lock the behavior against override attempts.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a2a707e1-76f5-41f9-bb87-7de3da8f9dee

📥 Commits

Reviewing files that changed from the base of the PR and between da1fcdf and 11566cb.

📒 Files selected for processing (2)

• apps/web/lib/middleware/utils/get-final-url.ts
• apps/web/tests/redirects/index.test.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Prevent partner params from being overridden by incoming query params.

via/afsrc=1 are set here, but later passthrough merging can overwrite them (Line 125–129). A request like ?via=spoof&afsrc=0 can break the intended partner-link behavior.

Suggested fix

   for (const [key, value] of searchParams) {
     // we will pass everything except internal query params (dub-no-track and redir_url)
     if (["dub-no-track", REDIRECTION_QUERY_PARAM].includes(key)) continue;
+    // preserve enforced partner attribution params
+    if (via && (key === "via" || key === "afsrc")) continue;
     urlObj.searchParams.set(key, value);
   }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/lib/middleware/utils/get-final-url.ts` around lines 36 - 39, Ensure
partner parameters 'via' and 'afsrc' cannot be overridden by incoming query
params: when merging passthrough query parameters into urlObj.searchParams (the
merge loop currently around the passthrough logic), skip keys 'via' and 'afsrc'
(i.e., do not set/overwrite urlObj.searchParams for those keys) or move the code
that sets urlObj.searchParams.set("via", via) and
urlObj.searchParams.set("afsrc","1") to run after the passthrough merge in
get-final-url.ts so that urlObj.searchParams always ends up with the intended
partner values; reference the existing urlObj.searchParams usage and the
passthrough merge block (the loop that applies incoming query params) to
implement the fix.