next/image serves files other than images from public dir #23312

FDiskas · 2021-03-23T13:02:46Z

What version of Next.js are you using?

10.0.7

What version of Node.js are you using?

14.15.1

What browser are you using?

chrome

What operating system are you using?

linux

How are you deploying your application?

next start

Describe the Bug

next/image package should not serve other files rather then only images excluding svg

Expected Behavior

only image are allowed, excluding svg - it is responsive by it self

To Reproduce

create simple nextjs app
add simple json file to public/locales/en-GB/common.json with some sample json content
run npm build
run npm start
navigate to http://localhost:3000/_next/image?url=/locales/en-GB/common.json&w=640&q=75

The text was updated successfully, but these errors were encountered:

…23366) If the upstream MIME type isn't prefixed with `image/`, the endpoint should directly response with a 400 error. ## Bug - [x] Fixes #23312 - [x] Integration tests added ## Feature - [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR. - [ ] Related issues linked using `fixes #number` - [ ] Integration tests added - [ ] Documentation added - [ ] Telemetry added. In case of a feature if it's used or not. ## Documentation / Examples - [ ] Make sure the linting passes

FDiskas · 2021-03-24T19:40:30Z

@shuding thanks - that was fast :o

…ercel#23366) If the upstream MIME type isn't prefixed with `image/`, the endpoint should directly response with a 400 error. ## Bug - [x] Fixes vercel#23312 - [x] Integration tests added ## Feature - [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR. - [ ] Related issues linked using `fixes #number` - [ ] Integration tests added - [ ] Documentation added - [ ] Telemetry added. In case of a feature if it's used or not. ## Documentation / Examples - [ ] Make sure the linting passes

balazsorban44 · 2022-01-28T14:06:18Z

This issue has been automatically locked due to no recent activity. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.

FDiskas added the bug Issue was opened via the bug report template. label Mar 23, 2021

timneutkens changed the title ~~next/image - security issue? or bug~~ next/image serves files other than images from public dir Mar 23, 2021

shuding self-assigned this Mar 23, 2021

shuding added kind: bug and removed bug Issue was opened via the bug report template. labels Mar 23, 2021

shuding added this to the Iteration 18 milestone Mar 24, 2021

shuding mentioned this issue Mar 24, 2021

Make sure the image optimization endpoint only response with images #23366

Merged

8 tasks

kodiakhq bot closed this as completed in #23366 Mar 24, 2021

shuding mentioned this issue Apr 13, 2021

Signed images from S3 no longer working with next/image #23523

Closed

vercel locked as resolved and limited conversation to collaborators Jan 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

next/image serves files other than images from public dir #23312

next/image serves files other than images from public dir #23312

FDiskas commented Mar 23, 2021

FDiskas commented Mar 24, 2021

balazsorban44 commented Jan 28, 2022

next/image serves files other than images from public dir #23312

next/image serves files other than images from public dir #23312

Comments

FDiskas commented Mar 23, 2021

What version of Next.js are you using?

What version of Node.js are you using?

What browser are you using?

What operating system are you using?

How are you deploying your application?

Describe the Bug

Expected Behavior

To Reproduce

FDiskas commented Mar 24, 2021

balazsorban44 commented Jan 28, 2022