From 4fbcfd1ffc959627ad38faa70adf07fd5c41c04b Mon Sep 17 00:00:00 2001 From: Dorian Niemiec Date: Sun, 6 Oct 2024 07:20:06 +0200 Subject: [PATCH] docs: add the recommendation to block the access to the ".next" directory for Next.js integration --- pages/docs/mod-notes.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pages/docs/mod-notes.md b/pages/docs/mod-notes.md index 176a198..8455465 100644 --- a/pages/docs/mod-notes.md +++ b/pages/docs/mod-notes.md @@ -103,7 +103,7 @@ Next.js integration is a mod, that enables SVR.JS to serve Next.js applications. The webroot (_wwwroot_ _config.json_ property) serves as a Next.js application directory. It's recommended to set the owner of the Next.js application directory (around with all the files in it) as the user, on which SVR.JS is running (usually "svrjs"). Setting a `NODE_ENV` environment variable to `development` in SVR.JS configuration enables Next.js development server. -It's also recommended to forbid the access to ".env" file and ".git" directories, in case Next.js integration mod fails to load. You can set up _nonStandardCodes_ _config.json_ property like this: +It's also recommended to forbid the access to ".env" file, ".next" and ".git" directories, in case Next.js integration mod fails to load. You can set up _nonStandardCodes_ _config.json_ property like this: ```json { "nonStandardCodes": [ @@ -115,6 +115,10 @@ It's also recommended to forbid the access to ".env" file and ".git" directories "scode": 403, "regex": "/^\\/\\.git/" }, + { + "scode": 403, + "regex": "/^\\/\\.next(?:$|[\\/#?])/" + }, ...other non-standard codes... ], ...other config.json properties...