terribleplan/next.js
1
0
Fork 0
mirror of https://github.com/terribleplan/next.js.git synced 2024-01-19 02:48:18 +00:00
Code Issues Releases Wiki Activity

Add a test case to prevent issue #2617 to happen again.

Browse source
This commit is contained in:
Arunoda Susiripala 2017-07-24 11:43:45 +05:30
parent c3fd0ed51a
commit 564dbdd237
2 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
server/index.js
View file

@ -199,11 +199,17 @@ export default class Server {
await renderScript(req, res, page, this.renderOpts)
},
// It's very important keep this route's param optional.
// Othewise this will lead to a pretty simple DOS attack.
// See more: https://github.com/zeit/next.js/issues/2617
'/_next/:path?': async (req, res, params) => {
const p = join(__dirname, '..', 'client', ...(params.path || []))
await this.serveStatic(req, res, p)
},
// It's very important keep this route's param optional.
// Othewise this will lead to a pretty simple DOS attack.
// See more: https://github.com/zeit/next.js/issues/2617
'/static/:path?': async (req, res, params) => {
const p = join(this.dir, 'static', ...(params.path || []))
await this.serveStatic(req, res, p)

7
test/integration/production/test/index.test.js
View file

@ -101,6 +101,13 @@ describe('Production Usage', () => {
const html = await app.renderToHTML({}, res, '/finish-response', {})
expect(html).toBeFalsy()
})
it('should allow to access /static/ and /_next/', async () => {
// This is a test case which prevent the following issue happening again.
// See: https://github.com/zeit/next.js/issues/2617
await renderViaHTTP(appPort, '/_next/')
await renderViaHTTP(appPort, '/static/')
})
})
describe('X-Powered-By header', () => {