feat: add path traversal protection middleware
Implement security middleware to prevent directory traversal attacks by detecting and blocking requests containing ".." in decoded URL paths
This commit is contained in:
@@ -0,0 +1,17 @@
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
|
||||
export function middleware(request: NextRequest) {
|
||||
const { pathname } = request.nextUrl;
|
||||
|
||||
const decodedPath = decodeURIComponent(pathname);
|
||||
|
||||
if (decodedPath.includes("..")) {
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
}
|
||||
|
||||
return NextResponse.next();
|
||||
}
|
||||
|
||||
export const config = {
|
||||
matcher: "/:path*",
|
||||
};
|
||||
Reference in New Issue
Block a user