docs: add the recommendation to block the access to the ".next" directory for Next.js integration

This commit is contained in:
Dorian Niemiec 2024-10-06 07:20:06 +02:00
parent 47f86122df
commit 4fbcfd1ffc

View file

@ -103,7 +103,7 @@ Next.js integration is a mod, that enables SVR.JS to serve Next.js applications.
The webroot (_wwwroot_ _config.json_ property) serves as a Next.js application directory. It's recommended to set the owner of the Next.js application directory (around with all the files in it) as the user, on which SVR.JS is running (usually "svrjs"). Setting a `NODE_ENV` environment variable to `development` in SVR.JS configuration enables Next.js development server. The webroot (_wwwroot_ _config.json_ property) serves as a Next.js application directory. It's recommended to set the owner of the Next.js application directory (around with all the files in it) as the user, on which SVR.JS is running (usually "svrjs"). Setting a `NODE_ENV` environment variable to `development` in SVR.JS configuration enables Next.js development server.
It's also recommended to forbid the access to ".env" file and ".git" directories, in case Next.js integration mod fails to load. You can set up _nonStandardCodes_ _config.json_ property like this: It's also recommended to forbid the access to ".env" file, ".next" and ".git" directories, in case Next.js integration mod fails to load. You can set up _nonStandardCodes_ _config.json_ property like this:
```json ```json
{ {
"nonStandardCodes": [ "nonStandardCodes": [
@ -115,6 +115,10 @@ It's also recommended to forbid the access to ".env" file and ".git" directories
"scode": 403, "scode": 403,
"regex": "/^\\/\\.git/" "regex": "/^\\/\\.git/"
}, },
{
"scode": 403,
"regex": "/^\\/\\.next(?:$|[\\/#?])/"
},
...other non-standard codes... ...other non-standard codes...
], ],
...other config.json properties... ...other config.json properties...