feat: add path traversal protection middleware

Implement security middleware to prevent directory traversal attacks by detecting and blocking requests containing ".." in decoded URL paths
This commit is contained in:
AmirReza Jamali
2025-11-02 11:30:17 +03:30
parent 4ee77835a2
commit 6c674bd3a1
+17
View File
@@ -0,0 +1,17 @@
import { NextRequest, NextResponse } from "next/server";
export function middleware(request: NextRequest) {
const { pathname } = request.nextUrl;
const decodedPath = decodeURIComponent(pathname);
if (decodedPath.includes("..")) {
return new NextResponse("Bad Request", { status: 400 });
}
return NextResponse.next();
}
export const config = {
matcher: "/:path*",
};