opennextjs/cloudflare and images.remotePatterns
Hey there.
I have built a NextJS site and inside it's next.config.ts I have set the
images.remotePatterns value to have specific domains as covered here.
https://nextjs.org/docs/app/api-reference/components/image#remotepatterns
When I run next dev or even next build && next start this works fine and it blocks images in other hostnames.
However, if I run opennextjs-cloudflare && wrangler dev (using oppennextjs 0.5.9) it does not block these images correctly, leaving us open to SSRF attacks.
Has anyone else come across this and have a solution?Components: Image | Next.js
Optimize Images in your Next.js Application using the built-in
next/image Component.0 Replies