Pass Next.js redirects bug
Answered
BLMx posted this in #help-forum
BLMx (OP)
Hello everyone!
I use a Next.js custom server (using an Express backend).
By using tools like Burp Suite, hackers can access my frontend admin page, for example. I tried a lot of ways to fix it, but with a custom server there is nothing to do.
For example, in my code in getServerSideProps I tried to redirect users who don't have the roles, and if they are hackers they can bypass the redirect and access only the page's frontend. I don't know if I described it clearly, but my English is not that good!
Thank you 💞.
Answered by Double-striped Thick-knee
If he can't access any real useful data, then that's okay, I think.
19 Replies
BLMx (OP)
Note: I tried everything using <app>.get and .use and middleware functions.
Double-striped Thick-knee
They would access the frontend without any data?
But also it is not a good thing.
Double-striped Thick-knee
I mean, what's the point then? Why would a hacker waste their time like that?
BLMx (OP)
Ok, maybe you're correct, but do you think that accessing the frontend without permission is good or normal?
Double-striped Thick-knee
I don't think it's something to worry about, and you're not really returning any components, right?
BLMx (OP)
The user can access all frontend components via editing props or the redirect URL,
and no data,
only inputs, for example, and normal content,
but no fetched data which requires permission.
Double-striped Thick-knee
Maybe it's not that big of a deal, because in their official tutorials they prevented unauthorized users just like this.
BLMx (OP)
They can access it in a custom server, and also I asked GPT and it didn't solve it. I tried using Next middleware in the custom server, but the web became so slow.
And do you think that Next.js has to solve it??
I made everything return 403 to the user, but hackers can access the page only,
and only if he knows React, not any hacker :)
Double-striped Thick-knee
If he can't access any real useful data, then that's okay, I think.
Answer
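An added example (not code from this thread, from Next.js or from Express) of the split the thread lands on: the page's React bundle is a public static asset that any client can download, and on client-side navigation the getServerSideProps redirect travels as a JSON response that the browser-side router acts on, so an intercepting proxy can alter it. The redirect is therefore a convenience for legitimate users; the real control is re-checking the role on every API route that returns protected data, so that a tampered redirect yields only an empty page shell. The session store, the tokens, and the names requireRole and simulateApiCall are constructed for this example.

```javascript
// Constructed in-memory session store (token -> user); a real app would
// look sessions up in a database or cache. Tokens here are placeholders.
const SESSIONS = {
  'tok-admin': { id: 1, name: 'alice', roles: ['admin'] },
  'tok-user': { id: 2, name: 'bob', roles: ['user'] },
};

// Minimal Cookie header parser so the example runs without Express's cookie-parser.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    out[part.slice(0, idx).trim()] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Resolve the caller from the session cookie; null when absent or unknown.
function userFromRequest(req) {
  const { session } = parseCookies(req.headers && req.headers.cookie);
  return session && SESSIONS[session] ? SESSIONS[session] : null;
}

// Page-level check in the shape Next.js expects from getServerSideProps.
// Props are serialised to the browser and can be edited there, so they carry
// display data only, never an authorization decision the client must honour.
function getServerSideProps(ctx) {
  const user = userFromRequest(ctx.req);
  if (!user || !user.roles.includes('admin')) {
    return { redirect: { destination: '/login', permanent: false } };
  }
  return { props: { user: { name: user.name } } };
}

// Express-style middleware factory: the same role check, applied to every
// API route the admin page fetches from. This is what a proxy cannot bypass.
function requireRole(role) {
  return function (req, res, next) {
    const user = userFromRequest(req);
    if (!user) return res.status(401).json({ error: 'unauthenticated' });
    if (!user.roles.includes(role)) return res.status(403).json({ error: 'forbidden' });
    req.user = user;
    next();
  };
}

// Simulate a call to an API route guarded by requireRole('admin') and return
// what the client would receive, so the behaviour can be checked offline.
function simulateApiCall(cookieHeader) {
  const req = { headers: { cookie: cookieHeader } };
  let status = 200;
  let body = null;
  const res = {
    status(code) { status = code; return this; },
    json(payload) { body = payload; return this; },
  };
  let reachedHandler = false;
  requireRole('admin')(req, res, () => {
    reachedHandler = true;
    body = { secret: 'admin-only data' }; // the handler only runs for admins
  });
  return { status, body, reachedHandler };
}

// Stand-alone demonstration: a forged cookie reaches the page shell logic but
// gets no data from the API, which is the outcome the thread settles on.
console.log(getServerSideProps({ req: { headers: { cookie: 'session=forged' } } }));
console.log(simulateApiCall('session=forged'));
console.log(simulateApiCall('session=tok-admin'));
```

In a real Express custom server the middleware would be mounted with `app.use('/api/admin', requireRole('admin'))` before the handlers, and the React page would fetch from those routes; whether the attacker reaches the page by editing the redirect response or by loading the JS bundle directly, each data request is authorized independently.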
BLMx (OP)
Okay thx Sajid ❤️