I am using dynamic route in my next.js website. My website is protected by WAF (Web Application Firewall), it block all URL that contain special characters (such as (, ), [, ]). So that, URLs like https://mywebsite.xyz/_next/static/chunks/app/(home)/info-hub/%5Bposts%5D/page-55e4c6dc50d1aae0.js cannot be loaded. The security team refuses to ignore these special characters. So how can I change my next.js app to use dynamic route but not using these special characters?
Dynamic route in NextJS cause security problem
142 Views Asked by hieund At
1
There are 1 best solutions below
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in NEXT.JS
- Getting babel build errors with the next.js getting started example
- Request Graphql api running on different port from Next.js app in development mode localhost
- Session lost when refresh the page (Next, react, isomorphism)
- HOC: A valid React element (or null) must be returned
- vscode launch config for next.js app
- Next.js + Redux server side rendering: Has data, but doesn't render on server side
- When to use a react framework such as Next or Gatsby vs Create React App
- Error: spawn EACCES on Heroku with Next.js
- Docker compose npm script command not found
- Error when using custom domain with Next.js on Heroku
- ReactJs, next JS, express and redux boilerplate
- Cannot use @import in css
- Next JS nested routing
- internal server error when deploying NextJs to firebase
- MaterialUI together with styled-components, SSR
Related Questions in ROUTES
- Routing Url that has no action name
- Implementing find node on torrent kademlia routing table
- Get packet that's being routed
- Preserve `$location.search()` in angular `redirectTo`?
- Why does this MVC action return a 404 response in IE11
- Backbone: Best way to prevent routes (and url change)
- ASP.NET MVC routing 404
- Change the name of parent :parent_id parameter in Routing resources for Rails4
- Where should I put Symfony third-party bundle's routing configuration?
- How to route by call method in proxy with WSO2?
- Asp.net MVC Routelink null controller parameter
- using dart route package url got error 404
- Re-transmission concept in TCP
- Network unreachable when address is IPv6 in Buildroot
- rails_admin add custom controller in namespace admin
Related Questions in DYNAMIC
- Convert Apache VirtualHost to nginx Server Block for Dynamic Subdomains
- Nested dynamically generated forms using jQuery
- AngularJS Dynamic Slider Control
- dynamic content control mapping for MS word c#
- get value from the dynamic create textbox
- Android : Unable to change width of dynamic button
- saving matlab file (.mat) with dynamic name
- MODx Create dynamic frontend page / display manager page without login
- Dynamic XML parsing, data storage, and forms in c#
- Cannot convert type 'Umbraco.Core.Dynamics.DynamicNull' to 'Umbraco.....' - Umbraco v6
- IDynamicMetaObjectProvider set property using literal name
- PHP unable to load dynamic library
- How to use Dynamic Variables?
- How can call method dynamically in c#
- Make divs inside table cells the same height without javascript
Related Questions in WEB-APPLICATION-FIREWALL
- UNION on dynamic SQL statements
- Azure ARM Templates - Appication Gateway Web Application Firewall Configuration SelectorMatchOperator Syntax
- cURL 35 Error from WordPress Site Health behind a CDN+WAF Firewall
- An error occurred while executing the "make" command while compiling and installing the "ModSecurity- Nginx" module
- AWS - WAF : log configuration for kinesis firehose in cloud formation
- How to integrate a Web Application firewall (ModSecurity) with Heroku?
- ELB WAF Sandwiching - AWS
- Problems with Cloudflare's WAF When Using AWS Elastic Beanstalk for a PHP Application
- HTTP_HOST Stripping via Firewalls and VPNs
- Apache logs shows us we are using HTTP1.1 instead of HTTP2 protocol even HTTP/2 is enabled (through WAF)
- aws waf regex pattern rule not working --rate limit
- Error deploying global resources into China with Terraform
- Dynamic route in NextJS cause security problem
- Whitelist EC2 instances in ASG to access AWS WAF
- Do I need a Web Application Firewall if my APIs are protected with OAuth?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
If you are using next.js' app router then you don't have to worry about these "()[]". So, if your folder structure is like these:
App
then your url will be localhost:3000/123 where "123" can be any dynamic userId.
"()" are used for folder structure and are ignored by next.js, and "[ ]" are used for dynamic routes, so you won't be writing them in the URL.