
Opt into Next.JS overriding useful information like Host, GEO and IP

Open VayneValerius opened this issue 3 years ago • 0 comments

Describe the feature you'd like to request

Next overrides the hostname and client IP (when using middleware) by default. This is for "security" reasons, though no other package (Express etc.) does this. This is because host and IP are very useful and allow us to set dynamic CSP headers via middleware based on environment and create transactional logs (amongst other things).

Currently it is easier to create a logger function, and use it in every gssp than just have a single call in the middleware like we would in express for instance.

This feature should be an opt-in or opt-out, especially as I fail to understand what overriding the correct hostname, i.e. 123.com, with localhost:3000 achieves for security in any way. It seems like misjudged reasoning to me.

Describe the solution you'd like

In Next config there should be a "useNextSecurityFeatures" option or something similar. It could be set to true by default. This way the Next team still provides this feature, but the community can decide whether they want to use it or not. I also believe this should be the same for forcing eval-source-maps in dev which breaks CSP, though that security flaw and CSP in Next is another conversation.

Describe alternatives you've considered

The alternative would be to completely remove the feature altogether, which would actually be my preferred solution. Next is great and I love the work you guys have done, but I honestly would like to see the restrictions and forced limitations removed. Your "users" are developers, not users.

VayneValerius avatar Nov 01 '22 12:11 VayneValerius