svrjs/svrjs-nextjs-website
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: add a security recommendation to notes for Next.js integration mod
Some checks failed
Deploy Next.js application / deploy (push) Has been cancelled
Details

Browse source
This commit is contained in:
Dorian Niemiec 2024-09-10 19:35:25 +02:00
parent 3095f788a2
commit 1b8d8705f4
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
pages/docs/mod-notes.md
View file

@ -103,6 +103,24 @@ Next.js integration is a mod, that enables SVR.JS to serve Next.js applications.
The webroot (_wwwroot_ _config.json_ property) serves as a Next.js application directory. It's recommended to set the owner of the Next.js application directory (around with all the files in it) as the user, on which SVR.JS is running (usually "svrjs"). Setting a `NODE_ENV` environment variable to `development` in SVR.JS configuration enables Next.js development server. The webroot (_wwwroot_ _config.json_ property) serves as a Next.js application directory. It's recommended to set the owner of the Next.js application directory (around with all the files in it) as the user, on which SVR.JS is running (usually "svrjs"). Setting a `NODE_ENV` environment variable to `development` in SVR.JS configuration enables Next.js development server.
It's also recommended to forbid the access to ".env" file and ".git" directories, in case Next.js integration mod fails to load. You can set up _nonStandardCodes_ _config.json_ property like this:
```json
{
"nonStandardCodes": [
{
"scode": 403,
"regex": "/^\\/\\.env(?:\\.local)?(?:$|[#?])/"
},
{
"scode": 403,
"regex": "/^\\/\\.git/"
},
...other non-standard codes...
],
...other config.json properties...
}
```
_View the [change log.](/changelog/nextjs-integration)_ _View the [change log.](/changelog/nextjs-integration)_
## OrangeCircle ## OrangeCircle