early bail out for apps without server actions

[NoahCxrest]

this change moves the hasServerActions() check to occur immediately after determining that a request could potentially be a server action, before any expensive operations like CSRF validation, header parsing, or body processing.

apps without server actions were still performing significant CPU work (CSRF checks, header parsing, etc.) when receiving spam requests that mimic server action calls, leading to high CPU usage even though no actions exist. (this was an issue in my app, and its what caused my next.js site go down. see #87771

by checking hasServerActions() early, we can immediately return a 404 for fetch actions or null for non-fetch requests, avoiding all the unnecessary processing. This significantly reduces CPU overhead for spam requests on pages that don't use server actions.

[nextjs-bot]

Allow CI Workflow Run

• approve CI run for commit: fed773e

Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer

[Copilot]

Pull request overview

This PR optimizes server action handling by moving the hasServerActions() check to occur immediately after determining a request could potentially be a server action, before expensive operations like CSRF validation, header parsing, and body processing. This significantly reduces CPU overhead for spam requests on applications without server actions.

Key Changes

• Early bailout for apps without server actions to avoid unnecessary CPU work
• Enhanced error message when no server actions are available in the application
• Consistent use of getActionNotFoundError() helper throughout the codebase

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.