Block special pages from the public. (#2479)

Otherwise, users could invoke 500 errors.

Block special pages from the public. (#2479)
Otherwise, users could invoke 500 errors.
1c7b2603 · Arunoda Susiripala · GitHub · ace1939c · 1c7b2603 · 1c7b2603
显示空白变更内容
内联并排

Showing with 17 addition and 0 deletion

server/index.js server/index.js +9 -0

test/integration/production/test/index.test.js test/integration/production/test/index.test.js +8 -0

未找到文件。
--- a/server/index.js
+++ b/server/index.js
@@ -24,6 +24,11 @@ const internalPrefixes = [
  /^\/static\//
 ]

+const blockedPages = {
+  '/_document': true,
+  '/_error': true
+}
+
 export default class Server {
  constructor ({ dir = '.', dev = false, staticMarkup = false, quiet = false, conf = null } = {}) {
    this.dir = resolve(dir)
@@ -251,6 +256,10 @@ export default class Server {
      return this.handleRequest(req, res, parsedUrl)
    }

+    if (blockedPages[pathname]) {
+      return await this.render404(req, res, parsedUrl)
+    }
+
    if (this.config.poweredByHeader) {
      res.setHeader('X-Powered-By', `Next.js ${pkg.version}`)
    }

--- a/test/integration/production/test/index.test.js
+++ b/test/integration/production/test/index.test.js
@@ -49,6 +49,14 @@ describe('Production Usage', () => {
      const res2 = await fetch(url, { headers })
      expect(res2.status).toBe(304)
    })
+
+    it('should block special pages', async () => {
+      const urls = ['/_document', '/_error']
+      for (const url of urls) {
+        const html = await renderViaHTTP(appPort, url)
+        expect(html).toMatch(/404/)
+      }
+    })
  })

  describe('With navigation', () => {