New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(middleware): use includes()
for NextAuth pages
#5085
fix(middleware): use includes()
for NextAuth pages
#5085
Conversation
Some users could be setting their `signIn` and `error` pages option to `/` to disable the automatically generated pages, as suggested in [1]. This commit reverts the behaviour for matching `signIn` and `error` pages in `handleMiddleware` to pre-v4.10.3. ``` const signInPage = "/" const errorPage = "/" const publicPaths = [signInPage, errorPage, "/_next", "/favicon.ico"] // pathname = "/" will return true publicPaths.some((p) => pathname.startsWith(p)) ``` Fixes: aedabc8 ("fix: avoid redirect on always public paths") Reference [1]: #2330 (reply in thread) Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Ignored Deployment
|
Hi 👋 So in #5000 we made that change to avoid the infinite re-direct loop when you have a custom error page that is also require authentication. I wasn't aware that setting We would be appreciated if you could open a new issue so that we can investigate and think of a solution together there instead 🙌 I'm going to close this one in the mean time. const signInPage = "/"
const errorPage = "/"
const publicPaths = [signInPage, errorPage, "/_next", "/favicon.ico"]
const pathname = "/"
// current
publicPaths.some((p) => pathname.startsWith(p)) // return true
// your change
[signInPage, errorPage].includes(pathname) // also return true |
I think this should be OK, but in that case, you have to ensure middleware is not invoked on |
@ThangHuuVu Sorry, I made a typo in the code snippet. It should be const signInPage = "/"
const errorPage = "/"
const publicPaths = [signInPage, errorPage, "/_next", "/favicon.ico"]
// pathname = "/protected/pathA" will always return true
publicPaths.some((p) => pathname.startsWith(p)) So if the middleware has the pages: {
signIn: '/',
error: '/',
} and export const config = { matcher: ["/protected/:path*"] } Visiting |
@balazsorban44 See #5085 (comment). Middleware is not invoked on |
Thanks for the explanation, this makes more sense to me now 👍 |
@ThangHuuVu Not sure what went wrong with GitHub, it's not showing the new commit that I've pushed. Should I open another PR that adds the test case after this PR is merged? |
Might be because we closed it. It would be nice to have the test and the code in the same PR so we can verify it first. Maybe we should close this PR and just create a new one. Sorry 💚 |
☕️ Reasoning
Some users could be setting their
signIn
anderror
pages option to/
to disable the automatically generated pages, as suggested in #2330 (reply in thread).This PR reverts the behaviour for matching
signIn
anderror
pages in
handleMiddleware
to pre-v4.10.3.EDIT:
Fixes: aedabc8 ("fix: avoid redirect on always public paths")
🧢 Checklist
🎫 Affected issues
📌 Resources