feat: add path traversal protection middleware
Implement security middleware to prevent directory traversal attacks by detecting and blocking requests containing ".." in decoded URL paths
This commit is contained in:
@@ -0,0 +1,17 @@
|
|||||||
|
import { NextRequest, NextResponse } from "next/server";
|
||||||
|
|
||||||
|
export function middleware(request: NextRequest) {
|
||||||
|
const { pathname } = request.nextUrl;
|
||||||
|
|
||||||
|
const decodedPath = decodeURIComponent(pathname);
|
||||||
|
|
||||||
|
if (decodedPath.includes("..")) {
|
||||||
|
return new NextResponse("Bad Request", { status: 400 });
|
||||||
|
}
|
||||||
|
|
||||||
|
return NextResponse.next();
|
||||||
|
}
|
||||||
|
|
||||||
|
export const config = {
|
||||||
|
matcher: "/:path*",
|
||||||
|
};
|
||||||
Reference in New Issue
Block a user