(req, res, next)
| 3 | const STATSD_KEY = 'middleware.handle_invalid_paths' |
| 4 | |
| 5 | export default function handleInvalidPaths(req, res, next) { |
| 6 | // Prevent various malicious injection attacks targeting Next.js |
| 7 | if (req.path.match(/^\/_next[^/]/) || req.path === '/_next/data' || req.path === '/_next/data/') { |
| 8 | statsd.increment(STATSD_KEY, 1, ['check:nextjs-injection-attack']) |
| 9 | return next(404) |
| 10 | } |
| 11 | |
| 12 | return next() |
| 13 | } |