nextjs-basic-auth-middleware icon indicating copy to clipboard operation
nextjs-basic-auth-middleware copied to clipboard
verified publisher icon labd

Authentication bypassed if the site is internationalised

Open clementprdhomme opened this issue 3 years ago • 0 comments

Hi,

I've been testing your middleware and I realised that if you define some locales inside next.config.js, then the authentication is automatically bypassed. If the user clicks “Cancel” multiple times, they may even see the page's HTML as reported in https://github.com/labd/nextjs-basic-auth-middleware/issues/27 before 2.0.0.

Reproduction steps:

  1. Clone the repository: git clone [email protected]:labd/nextjs-basic-auth-middleware.git
  2. Navigate to nextjs-basic-auth-middleware/examples
  3. Install the dependencies: yarn
  4. Add some locales to next.config.js:
/** @type {import('next').NextConfig} */
const nextConfig = {
  i18n: {
    locales: ['en', 'es'],
    defaultLocale: 'en',
  },
  reactStrictMode: true,
  swcMinify: true,
}

module.exports = nextConfig
  1. Run the development server: yarn dev
  2. Open the page: http://localhost:3000/

Even before clicking on “Cancel”, inside the “Network” developer panel, you will see that the page's HTML is returned to the browser.

clementprdhomme avatar Oct 31 '22 16:10 clementprdhomme