Make sure the image optimization endpoint only response with images #23366

shuding · 2021-03-24T17:04:23Z

If the upstream MIME type isn't prefixed with image/, the endpoint should directly response with a 400 error.

Bug

Fixes next/image serves files other than images from public dir #23312
Integration tests added

Feature

Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
Related issues linked using fixes #number
Integration tests added
Documentation added
Telemetry added. In case of a feature if it's used or not.

Documentation / Examples

Make sure the linting passes

ijjk · 2021-03-24T17:16:48Z

Stats from current PR

Default Server Mode (Increase detected ⚠️)

General Overall increase ⚠️

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
buildDuration	15.6s	15.5s	-53ms
nodeModulesSize	61.7 MB	61.7 MB	⚠️ +627 B

Page Load Tests Overall increase ✓

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
/ failed reqs	0	0	✓
/ total time (seconds)	2.027	2.099	⚠️ +0.07
/ avg req/sec	1233.56	1190.86	⚠️ -42.7
/error-in-render failed reqs	0	0	✓
/error-in-render total time (seconds)	1.321	1.261	-0.06
/error-in-render avg req/sec	1893.05	1982.26	+89.21

Client Bundles (main, webpack, commons)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
597-ec2335c0..e105.js gzip	13.3 kB	13.3 kB	✓
778-95c4fcdf..36e9.js gzip	7.06 kB	7.06 kB	✓
framework.HASH.js gzip	39.3 kB	39.3 kB	✓
main-HASH.js gzip	151 B	151 B	✓
webpack-HASH.js gzip	993 B	993 B	✓
Overall change	60.8 kB	60.8 kB	✓

Legacy Client Bundles (polyfills)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
polyfills-HASH.js gzip	31.1 kB	31.1 kB	✓
Overall change	31.1 kB	31.1 kB	✓

Client Pages

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_app-bdbd9e6..6cfe.js gzip	1.3 kB	1.3 kB	✓
_error-b58c1..9b8e.js gzip	3.4 kB	3.4 kB	✓
amp-89a5460c..567f.js gzip	558 B	558 B	✓
hooks-8c2e74..be37.js gzip	924 B	924 B	✓
index-fec729..83b2.js gzip	243 B	243 B	✓
link-d124373..c521.js gzip	1.66 kB	1.66 kB	✓
routerDirect..5759.js gzip	336 B	336 B	✓
withRouter-1..98bf.js gzip	334 B	334 B	✓
Overall change	8.76 kB	8.76 kB	✓

Client Build Manifests

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_buildManifest.js gzip	323 B	323 B	✓
Overall change	323 B	323 B	✓

Rendered Page Sizes

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
index.html gzip	609 B	609 B	✓
link.html gzip	615 B	615 B	✓
withRouter.html gzip	604 B	604 B	✓
Overall change	1.83 kB	1.83 kB	✓

Serverless Mode

General Overall increase ⚠️

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
buildDuration	18.9s	19.2s	⚠️ +255ms
nodeModulesSize	61.7 MB	61.7 MB	⚠️ +627 B

Client Bundles (main, webpack, commons)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
597-ec2335c0..e105.js gzip	13.3 kB	13.3 kB	✓
778-95c4fcdf..36e9.js gzip	7.06 kB	7.06 kB	✓
framework.HASH.js gzip	39.3 kB	39.3 kB	✓
main-HASH.js gzip	151 B	151 B	✓
webpack-HASH.js gzip	993 B	993 B	✓
Overall change	60.8 kB	60.8 kB	✓

Legacy Client Bundles (polyfills)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
polyfills-HASH.js gzip	31.1 kB	31.1 kB	✓
Overall change	31.1 kB	31.1 kB	✓

Client Pages

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_app-bdbd9e6..6cfe.js gzip	1.3 kB	1.3 kB	✓
_error-b58c1..9b8e.js gzip	3.4 kB	3.4 kB	✓
amp-89a5460c..567f.js gzip	558 B	558 B	✓
hooks-8c2e74..be37.js gzip	924 B	924 B	✓
index-fec729..83b2.js gzip	243 B	243 B	✓
link-d124373..c521.js gzip	1.66 kB	1.66 kB	✓
routerDirect..5759.js gzip	336 B	336 B	✓
withRouter-1..98bf.js gzip	334 B	334 B	✓
Overall change	8.76 kB	8.76 kB	✓

Client Build Manifests

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_buildManifest.js gzip	323 B	323 B	✓
Overall change	323 B	323 B	✓

Serverless bundles

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_error.js	1.34 MB	1.34 MB	✓
404.html	2.76 kB	2.76 kB	✓
500.html	2.75 kB	2.75 kB	✓
amp.amp.html	10.6 kB	10.6 kB	✓
amp.html	1.96 kB	1.96 kB	✓
hooks.html	2.01 kB	2.01 kB	✓
index.js	1.34 MB	1.34 MB	✓
link.js	1.4 MB	1.4 MB	✓
routerDirect.js	1.39 MB	1.39 MB	✓
withRouter.js	1.39 MB	1.39 MB	✓
Overall change	6.89 MB	6.89 MB	✓

Webpack 5 Mode (Decrease detected ✓)

General Overall increase ⚠️

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
buildDuration	15.5s	15.5s	⚠️ +19ms
nodeModulesSize	61.7 MB	61.7 MB	⚠️ +627 B

Page Load Tests Overall decrease ⚠️

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
/ failed reqs	0	0	✓
/ total time (seconds)	2.007	2.03	⚠️ +0.02
/ avg req/sec	1245.39	1231.66	⚠️ -13.73
/error-in-render failed reqs	0	0	✓
/error-in-render total time (seconds)	1.239	1.239	✓
/error-in-render avg req/sec	2017.95	2017.91	⚠️ -0.04

Client Bundles (main, webpack, commons)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
597-ec2335c0..e105.js gzip	13.3 kB	13.3 kB	✓
778-95c4fcdf..36e9.js gzip	7.06 kB	7.06 kB	✓
framework.HASH.js gzip	39.3 kB	39.3 kB	✓
main-HASH.js gzip	151 B	151 B	✓
webpack-HASH.js gzip	993 B	993 B	✓
Overall change	60.8 kB	60.8 kB	✓

Legacy Client Bundles (polyfills)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
polyfills-HASH.js gzip	31.1 kB	31.1 kB	✓
Overall change	31.1 kB	31.1 kB	✓

Client Pages

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_app-bdbd9e6..6cfe.js gzip	1.3 kB	1.3 kB	✓
_error-b58c1..9b8e.js gzip	3.4 kB	3.4 kB	✓
amp-89a5460c..567f.js gzip	558 B	558 B	✓
hooks-8c2e74..be37.js gzip	924 B	924 B	✓
index-fec729..83b2.js gzip	243 B	243 B	✓
link-d124373..c521.js gzip	1.66 kB	1.66 kB	✓
routerDirect..5759.js gzip	336 B	336 B	✓
withRouter-1..98bf.js gzip	334 B	334 B	✓
Overall change	8.76 kB	8.76 kB	✓

Client Build Manifests

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_buildManifest.js gzip	323 B	323 B	✓
Overall change	323 B	323 B	✓

Rendered Page Sizes

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
index.html gzip	609 B	609 B	✓
link.html gzip	615 B	615 B	✓
withRouter.html gzip	604 B	604 B	✓
Overall change	1.83 kB	1.83 kB	✓

Diffs

Diff for index.html

@@ -48,7 +48,7 @@
         "props": { "pageProps": {} },
         "page": "/",
         "query": {},
-        "buildId": "Wtcmule_U2HjyVCE5juKU",
+        "buildId": "_BLsBYK_S0WrX0KvknhcX",
         "isFallback": false,
         "gip": true
       }
@@ -86,11 +86,11 @@
       async=""
     ></script>
     <script
-      src="/_next/static/Wtcmule_U2HjyVCE5juKU/_buildManifest.js"
+      src="/_next/static/_BLsBYK_S0WrX0KvknhcX/_buildManifest.js"
       async=""
     ></script>
     <script
-      src="/_next/static/Wtcmule_U2HjyVCE5juKU/_ssgManifest.js"
+      src="/_next/static/_BLsBYK_S0WrX0KvknhcX/_ssgManifest.js"
       async=""
     ></script>
   </body>

Diff for link.html

@@ -53,7 +53,7 @@
         "props": { "pageProps": {} },
         "page": "/link",
         "query": {},
-        "buildId": "Wtcmule_U2HjyVCE5juKU",
+        "buildId": "_BLsBYK_S0WrX0KvknhcX",
         "isFallback": false,
         "gip": true
       }
@@ -91,11 +91,11 @@
       async=""
     ></script>
     <script
-      src="/_next/static/Wtcmule_U2HjyVCE5juKU/_buildManifest.js"
+      src="/_next/static/_BLsBYK_S0WrX0KvknhcX/_buildManifest.js"
       async=""
     ></script>
     <script
-      src="/_next/static/Wtcmule_U2HjyVCE5juKU/_ssgManifest.js"
+      src="/_next/static/_BLsBYK_S0WrX0KvknhcX/_ssgManifest.js"
       async=""
     ></script>
   </body>

Diff for withRouter.html

@@ -48,7 +48,7 @@
         "props": { "pageProps": {} },
         "page": "/withRouter",
         "query": {},
-        "buildId": "Wtcmule_U2HjyVCE5juKU",
+        "buildId": "_BLsBYK_S0WrX0KvknhcX",
         "isFallback": false,
         "gip": true
       }
@@ -86,11 +86,11 @@
       async=""
     ></script>
     <script
-      src="/_next/static/Wtcmule_U2HjyVCE5juKU/_buildManifest.js"
+      src="/_next/static/_BLsBYK_S0WrX0KvknhcX/_buildManifest.js"
       async=""
     ></script>
     <script
-      src="/_next/static/Wtcmule_U2HjyVCE5juKU/_ssgManifest.js"
+      src="/_next/static/_BLsBYK_S0WrX0KvknhcX/_ssgManifest.js"
       async=""
     ></script>
   </body>

Commit: a7c7fd7

ijjk · 2021-03-24T17:31:44Z

Stats from current PR

Default Server Mode (Increase detected ⚠️)

General Overall increase ⚠️

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
buildDuration	16.8s	16.7s	-130ms
nodeModulesSize	61.7 MB	61.7 MB	⚠️ +627 B

Page Load Tests Overall increase ✓

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
/ failed reqs	0	0	✓
/ total time (seconds)	2.278	2.237	-0.04
/ avg req/sec	1097.41	1117.37	+19.96
/error-in-render failed reqs	0	0	✓
/error-in-render total time (seconds)	1.502	1.472	-0.03
/error-in-render avg req/sec	1664.65	1698.4	+33.75

Client Bundles (main, webpack, commons)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
597-ec2335c0..e105.js gzip	13.3 kB	13.3 kB	✓
778-95c4fcdf..36e9.js gzip	7.06 kB	7.06 kB	✓
framework.HASH.js gzip	39.3 kB	39.3 kB	✓
main-HASH.js gzip	151 B	151 B	✓
webpack-HASH.js gzip	993 B	993 B	✓
Overall change	60.8 kB	60.8 kB	✓

Legacy Client Bundles (polyfills)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
polyfills-HASH.js gzip	31.1 kB	31.1 kB	✓
Overall change	31.1 kB	31.1 kB	✓

Client Pages

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_app-bdbd9e6..6cfe.js gzip	1.3 kB	1.3 kB	✓
_error-b58c1..9b8e.js gzip	3.4 kB	3.4 kB	✓
amp-89a5460c..567f.js gzip	558 B	558 B	✓
hooks-8c2e74..be37.js gzip	924 B	924 B	✓
index-fec729..83b2.js gzip	243 B	243 B	✓
link-d124373..c521.js gzip	1.66 kB	1.66 kB	✓
routerDirect..5759.js gzip	336 B	336 B	✓
withRouter-1..98bf.js gzip	334 B	334 B	✓
Overall change	8.76 kB	8.76 kB	✓

Client Build Manifests

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_buildManifest.js gzip	323 B	323 B	✓
Overall change	323 B	323 B	✓

Rendered Page Sizes

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
index.html gzip	609 B	609 B	✓
link.html gzip	615 B	615 B	✓
withRouter.html gzip	604 B	604 B	✓
Overall change	1.83 kB	1.83 kB	✓

Serverless Mode

General Overall increase ⚠️

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
buildDuration	20s	20s	⚠️ +83ms
nodeModulesSize	61.7 MB	61.7 MB	⚠️ +627 B

Client Bundles (main, webpack, commons)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
597-ec2335c0..e105.js gzip	13.3 kB	13.3 kB	✓
778-95c4fcdf..36e9.js gzip	7.06 kB	7.06 kB	✓
framework.HASH.js gzip	39.3 kB	39.3 kB	✓
main-HASH.js gzip	151 B	151 B	✓
webpack-HASH.js gzip	993 B	993 B	✓
Overall change	60.8 kB	60.8 kB	✓

Legacy Client Bundles (polyfills)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
polyfills-HASH.js gzip	31.1 kB	31.1 kB	✓
Overall change	31.1 kB	31.1 kB	✓

Client Pages

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_app-bdbd9e6..6cfe.js gzip	1.3 kB	1.3 kB	✓
_error-b58c1..9b8e.js gzip	3.4 kB	3.4 kB	✓
amp-89a5460c..567f.js gzip	558 B	558 B	✓
hooks-8c2e74..be37.js gzip	924 B	924 B	✓
index-fec729..83b2.js gzip	243 B	243 B	✓
link-d124373..c521.js gzip	1.66 kB	1.66 kB	✓
routerDirect..5759.js gzip	336 B	336 B	✓
withRouter-1..98bf.js gzip	334 B	334 B	✓
Overall change	8.76 kB	8.76 kB	✓

Client Build Manifests

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_buildManifest.js gzip	323 B	323 B	✓
Overall change	323 B	323 B	✓

Serverless bundles

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_error.js	1.34 MB	1.34 MB	✓
404.html	2.76 kB	2.76 kB	✓
500.html	2.75 kB	2.75 kB	✓
amp.amp.html	10.6 kB	10.6 kB	✓
amp.html	1.96 kB	1.96 kB	✓
hooks.html	2.01 kB	2.01 kB	✓
index.js	1.34 MB	1.34 MB	-2 B
link.js	1.4 MB	1.4 MB	✓
routerDirect.js	1.39 MB	1.39 MB	⚠️ +2 B
withRouter.js	1.39 MB	1.39 MB	✓
Overall change	6.89 MB	6.89 MB	✓

Webpack 5 Mode (Decrease detected ✓)

General Overall increase ⚠️

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
buildDuration	16.6s	17s	⚠️ +386ms
nodeModulesSize	61.7 MB	61.7 MB	⚠️ +627 B

Page Load Tests Overall decrease ⚠️

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
/ failed reqs	0	0	✓
/ total time (seconds)	2.219	2.304	⚠️ +0.08
/ avg req/sec	1126.81	1085.08	⚠️ -41.73
/error-in-render failed reqs	0	0	✓
/error-in-render total time (seconds)	1.514	1.574	⚠️ +0.06
/error-in-render avg req/sec	1651.02	1588.07	⚠️ -62.95

Client Bundles (main, webpack, commons)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
597-ec2335c0..e105.js gzip	13.3 kB	13.3 kB	✓
778-95c4fcdf..36e9.js gzip	7.06 kB	7.06 kB	✓
framework.HASH.js gzip	39.3 kB	39.3 kB	✓
main-HASH.js gzip	151 B	151 B	✓
webpack-HASH.js gzip	993 B	993 B	✓
Overall change	60.8 kB	60.8 kB	✓

Legacy Client Bundles (polyfills)

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
polyfills-HASH.js gzip	31.1 kB	31.1 kB	✓
Overall change	31.1 kB	31.1 kB	✓

Client Pages

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_app-bdbd9e6..6cfe.js gzip	1.3 kB	1.3 kB	✓
_error-b58c1..9b8e.js gzip	3.4 kB	3.4 kB	✓
amp-89a5460c..567f.js gzip	558 B	558 B	✓
hooks-8c2e74..be37.js gzip	924 B	924 B	✓
index-fec729..83b2.js gzip	243 B	243 B	✓
link-d124373..c521.js gzip	1.66 kB	1.66 kB	✓
routerDirect..5759.js gzip	336 B	336 B	✓
withRouter-1..98bf.js gzip	334 B	334 B	✓
Overall change	8.76 kB	8.76 kB	✓

Client Build Manifests

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
_buildManifest.js gzip	323 B	323 B	✓
Overall change	323 B	323 B	✓

Rendered Page Sizes

	vercel/next.js canary	shuding/next.js fix-bypassing-image-endpoint	Change
index.html gzip	609 B	609 B	✓
link.html gzip	615 B	615 B	✓
withRouter.html gzip	604 B	604 B	✓
Overall change	1.83 kB	1.83 kB	✓

Diffs

Diff for index.html

@@ -48,7 +48,7 @@
         "props": { "pageProps": {} },
         "page": "/",
         "query": {},
-        "buildId": "hw2unkP8qCyyA3XXi0Qel",
+        "buildId": "QbfmVl0C3iYmWRberTEc2",
         "isFallback": false,
         "gip": true
       }
@@ -86,11 +86,11 @@
       async=""
     ></script>
     <script
-      src="/_next/static/hw2unkP8qCyyA3XXi0Qel/_buildManifest.js"
+      src="/_next/static/QbfmVl0C3iYmWRberTEc2/_buildManifest.js"
       async=""
     ></script>
     <script
-      src="/_next/static/hw2unkP8qCyyA3XXi0Qel/_ssgManifest.js"
+      src="/_next/static/QbfmVl0C3iYmWRberTEc2/_ssgManifest.js"
       async=""
     ></script>
   </body>

Diff for link.html

@@ -53,7 +53,7 @@
         "props": { "pageProps": {} },
         "page": "/link",
         "query": {},
-        "buildId": "hw2unkP8qCyyA3XXi0Qel",
+        "buildId": "QbfmVl0C3iYmWRberTEc2",
         "isFallback": false,
         "gip": true
       }
@@ -91,11 +91,11 @@
       async=""
     ></script>
     <script
-      src="/_next/static/hw2unkP8qCyyA3XXi0Qel/_buildManifest.js"
+      src="/_next/static/QbfmVl0C3iYmWRberTEc2/_buildManifest.js"
       async=""
     ></script>
     <script
-      src="/_next/static/hw2unkP8qCyyA3XXi0Qel/_ssgManifest.js"
+      src="/_next/static/QbfmVl0C3iYmWRberTEc2/_ssgManifest.js"
       async=""
     ></script>
   </body>

Diff for withRouter.html

@@ -48,7 +48,7 @@
         "props": { "pageProps": {} },
         "page": "/withRouter",
         "query": {},
-        "buildId": "hw2unkP8qCyyA3XXi0Qel",
+        "buildId": "QbfmVl0C3iYmWRberTEc2",
         "isFallback": false,
         "gip": true
       }
@@ -86,11 +86,11 @@
       async=""
     ></script>
     <script
-      src="/_next/static/hw2unkP8qCyyA3XXi0Qel/_buildManifest.js"
+      src="/_next/static/QbfmVl0C3iYmWRberTEc2/_buildManifest.js"
       async=""
     ></script>
     <script
-      src="/_next/static/hw2unkP8qCyyA3XXi0Qel/_ssgManifest.js"
+      src="/_next/static/QbfmVl0C3iYmWRberTEc2/_ssgManifest.js"
       async=""
     ></script>
   </body>

Commit: 15229e3

…ercel#23366) If the upstream MIME type isn't prefixed with `image/`, the endpoint should directly response with a 400 error. ## Bug - [x] Fixes vercel#23312 - [x] Integration tests added ## Feature - [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR. - [ ] Related issues linked using `fixes #number` - [ ] Integration tests added - [ ] Documentation added - [ ] Telemetry added. In case of a feature if it's used or not. ## Documentation / Examples - [ ] Make sure the linting passes

return 400 error if invalid image type

8a1df50

shuding requested review from divmain, ijjk, lfades and timneutkens as code owners March 24, 2021 17:04

ijjk added the type: next label Mar 24, 2021

Merge branch 'canary' into fix-bypassing-image-endpoint

a7c7fd7

timneutkens approved these changes Mar 24, 2021

View reviewed changes

Merge branch 'canary' into fix-bypassing-image-endpoint

15229e3

ijjk approved these changes Mar 24, 2021

View reviewed changes

kodiakhq bot merged commit 9821140 into vercel:canary Mar 24, 2021

shuding deleted the fix-bypassing-image-endpoint branch March 25, 2021 07:03

vercel locked as resolved and limited conversation to collaborators Jan 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make sure the image optimization endpoint only response with images #23366

Make sure the image optimization endpoint only response with images #23366

shuding commented Mar 24, 2021

ijjk commented Mar 24, 2021

Diffs

ijjk commented Mar 24, 2021

Diffs

Make sure the image optimization endpoint only response with images #23366

Make sure the image optimization endpoint only response with images #23366

Conversation

shuding commented Mar 24, 2021

Bug

Feature

Documentation / Examples

ijjk commented Mar 24, 2021

Stats from current PR

Diffs

ijjk commented Mar 24, 2021

Stats from current PR

Diffs