From 34830a05c940ec2bbabe3358df50c2d48593ca74 Mon Sep 17 00:00:00 2001
From: cyrilf
Date: Mon, 24 Jul 2017 16:35:47 +0200
Subject: [PATCH 1/5] Add a missing slash (#2634)

Improving `next.js`, one slash at a time
---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 8cc03351..749cc592 100644
--- a/readme.md
+++ b/readme.md
@@ -339,7 +339,7 @@ export default () => (
 // pages/index.js
 import Link from 'next/link'
 export default () => (
-
Click
+
Click
)
 ```
From 93e15a23b9776df67aeec01a989a9d24d80ea0df Mon Sep 17 00:00:00 2001
From: Renan Couto
Date: Thu, 27 Jul 2017 10:17:49 +0200
Subject: [PATCH 2/5] Remove `stage-0` from dependencies on example (#2656)

This PR removes `babel-preset-stage-0` from the dependencies list, that was missing on #1959.
---
 examples/with-styled-components/package.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/examples/with-styled-components/package.json b/examples/with-styled-components/package.json
index fd7a1cf9..c50a61b1 100644
--- a/examples/with-styled-components/package.json
+++ b/examples/with-styled-components/package.json
@@ -8,7 +8,6 @@
 },
 "dependencies": {
 "babel-plugin-styled-components": "^1.1.4",
- "babel-preset-stage-0": "^6.24.1",
 "next": "latest",
 "react": "^15.4.2",
 "react-dom": "^15.4.2",
From 23444fc74e3e69ec159219b0079e2021270da140 Mon Sep 17 00:00:00 2001
From: Laurie Voss
Date: Thu, 27 Jul 2017 22:10:17 -0700
Subject: [PATCH 3/5] Minor grammatical fix: "resembling of" -> "similar to" (#2669)

---
 readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.md b/readme.md
index 749cc592..3122b31f 100644
--- a/readme.md
+++ b/readme.md
@@ -110,7 +110,7 @@ export default () => (

-We bundle [styled-jsx](https://github.com/zeit/styled-jsx) to provide support for isolated scoped CSS. The aim is to support "shadow CSS" resembling of Web Components, which unfortunately [do not support server-rendering and are JS-only](https://github.com/w3c/webcomponents/issues/71).
+We bundle [styled-jsx](https://github.com/zeit/styled-jsx) to provide support for isolated scoped CSS. The aim is to support "shadow CSS" similar to Web Components, which unfortunately [do not support server-rendering and are JS-only](https://github.com/w3c/webcomponents/issues/71).
 ```jsx
 export default () => (
From 5ce4f432cd93dc28907d48d7b09353a8dd53062d Mon Sep 17 00:00:00 2001
From: Arunoda Susiripala
Date: Fri, 28 Jul 2017 18:33:39 +0530
Subject: [PATCH 4/5] Make sure the /static working properly. (#2675)

---
 server/index.js | 12 ++++++++++--
 test/integration/production/static/data/item.txt | 1 +
 test/integration/production/test/index.test.js | 11 +++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 test/integration/production/static/data/item.txt

diff --git a/server/index.js b/server/index.js
index 82f54d69..513a87e1 100644
--- a/server/index.js
+++ b/server/index.js
@@ -171,12 +171,20 @@ export default class Server {
 await renderScript(req, res, page, this.renderOpts)
 },
- '/_next/:path?': async (req, res, params) => {
+ // It's very important keep this route's param optional.
+ // (but it should support as many as params, seperated by '/')
+ // Othewise this will lead to a pretty simple DOS attack.
+ // See more: https://github.com/zeit/next.js/issues/2617
+ '/_next/:path*': async (req, res, params) => {
 const p = join(__dirname, '..', 'client', ...(params.path || []))
 await this.serveStatic(req, res, p)
 },
- '/static/:path?': async (req, res, params) => {
+ // It's very important keep this route's param optional.
+ // (but it should support as many as params, seperated by '/')
+ // Othewise this will lead to a pretty simple DOS attack.
+ // See more: https://github.com/zeit/next.js/issues/2617
+ '/static/:path*': async (req, res, params) => {
 const p = join(this.dir, 'static', ...(params.path || []))
 await this.serveStatic(req, res, p)
 }
diff --git a/test/integration/production/static/data/item.txt b/test/integration/production/static/data/item.txt
new file mode 100644
index 00000000..a7130742
--- /dev/null
+++ b/test/integration/production/static/data/item.txt
@@ -0,0 +1 @@
+item
\ No newline at end of file
diff --git a/test/integration/production/test/index.test.js b/test/integration/production/test/index.test.js
index 40eb47a1..5d3a715f 100644
--- a/test/integration/production/test/index.test.js
+++ b/test/integration/production/test/index.test.js
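Review bot: Both new wildcard handlers in server/index.js spread every captured segment into `join(...)`, and nothing in this hunk checks that the resulting path still lies under the base directory. Because `:path*` accepts any number of segments, a `..` segment (if the router passes it through decoded) would be normalised by `join` to a location outside `client/` or `static/`. Whether `serveStatic` rejects such paths cannot be seen here, as it is defined outside the hunk. I would add a containment check in both handlers before serving, for example `const base = join(this.dir, 'static')` and `if (p !== base && !p.startsWith(base + sep))` answering 404 instead of calling `serveStatic` (with `sep` imported from `path`). The four-line comment is also duplicated, with typos ("seperated", "Othewise"), and is worth fixing in both places.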
@@ -77,4 +77,15 @@ describe('Production Usage', () => {
 browser.close()
 })
 })
+
+ describe('Misc', () => {
+ it('should allow to access /static/ and /_next/', async () => {
+ // This is a test case which prevent the following issue happening again.
+ // See: https://github.com/zeit/next.js/issues/2617
+ await renderViaHTTP(appPort, '/_next/')
+ await renderViaHTTP(appPort, '/static/')
+ const data = await renderViaHTTP(appPort, '/static/data/item.txt')
+ expect(data).toBe('item')
+ })
+ })
 })
From a6d635e1d308b611a2e6e228091a937561f479f4 Mon Sep 17 00:00:00 2001
From: Arunoda Susiripala
Date: Fri, 28 Jul 2017 18:36:03 +0530
Subject: [PATCH 5/5] 2.4.9

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 1bc94fe0..44f0a194 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "next",
- "version": "2.4.8",
+ "version": "2.4.9",
 "description": "Minimalistic framework for server-rendered React applications",
 "main": "./dist/server/next.js",
 "license": "MIT",
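Review bot: The requests to `/_next/` and `/static/` in the new 'Misc' test discard their results, so the test fails only if `renderViaHTTP` rejects or hangs. It does not pin what the server should answer for an empty path. Capturing both responses and asserting on them (whatever the intended response is, presumably a not-found page) would make the regression for issue 2617 explicit. Since the routes now accept several segments, a companion case asserting that a path containing `..` segments is refused would guard the same handlers. The comment would read more clearly as `// Regression test for https://github.com/zeit/next.js/issues/2617`.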