6c674bd3a1
Implement security middleware to prevent directory traversal attacks by detecting and blocking requests containing ".." in decoded URL paths
18 lines
387 B
TypeScript
18 lines
387 B
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
|
|
export function middleware(request: NextRequest) {
|
|
const { pathname } = request.nextUrl;
|
|
|
|
const decodedPath = decodeURIComponent(pathname);
|
|
|
|
if (decodedPath.includes("..")) {
|
|
return new NextResponse("Bad Request", { status: 400 });
|
|
}
|
|
|
|
return NextResponse.next();
|
|
}
|
|
|
|
export const config = {
|
|
matcher: "/:path*",
|
|
};
|