The header settings doesn't work after adding i18n settingss to nextconfig for the files under pages folder

[LIU-CE-01]

Link to the code that reproduces this issue

https://github.com/LIU-CE-01/nextjs-bug-report

To Reproduce

I'm using nextjs 13.5.6 and I added some header settings and i18n settings in the next.config.js

1. npm run dev
2. Go to /about page (under pages folder) and check the response header
3. Commont i18n settings in the next.config.js
4. npm run dev again and Go to /about page and check the response header

Current vs. Expected behavior

Current:
When i18n settings is included, csp is not included in the response headers.
When i18n settings is commented, csp is included in the response headers.

Expected:
csp should be included in the response headers no matter whether we have i18n settings in next.config.js

Verify canary release

• I verified that the issue exists in the latest Next.js canary release

Provide environment information

Operating System:
  Platform: MacOS Sonoma
Binaries:
  Node: 18.17.1
  npm: 9.6.7
  Yarn: N/A
  pnpm: N/A
Relevant Packages:
  next: 13.5.6,
Next.js Config:
  output: N/A

Which area(s) are affected? (Select all that apply)

Internationalization (i18n)

Additional context

We have used the version 13.4.3 and it seems we don't have the same issue

[cosieLq]

Related to #54159

[cosieLq]

Eventually we had to write a middleware to solve this headers problem.

i18n settings seem to be rather instable for long, since somewhere around next v13.4. The routing server doesn't always work correctly. With some versions of next, the files in the public folder return 404. We also had to use middleware to make it work.

In the docs for App Router, they don't even mention i18n in next.config. I assume it's not supported any more, but it should then be communicated explicitly right?

[LIU-CE-01]

@cosieLq Yeah, they need to make it clear whether it is supported or not.

Thank you for your advice, we will try to use middleware to solve the problem and waiting for their reponse

[ztanner]

Hi, I wasn't able to reproduce the behavior you described with your reproduction on the latest canary. Response headers from the /about route appear to correctly have your CSP headers.

If the concern is that the /_next/static resources don't contain these CSP headers, please refer to this docs page which indicates how you can use the locale: false setting to ensure all routes are matched regardless of i18n.

Please don't hesitate to ping or open another issue if you are still encountering problems!

[LIU-CE-01]

@ztanner
Thanks for your reply. I tried the new canary for nextjs 14 and it seems the issue is fixed.

But currently our team is prefer to stay in nextjs 13. I tried the newest canary for 13.5.7 (13.5.7-canary.37) and I can still reproduce the issue.

As there is still a canary, we believe nextjs 13 is still supported. Is there any plan to fix it in nextjs 13?
(I updated the package json in the branch to point to the version 13.5.7-canary.37)

[ztanner]

Hi @LIU-CE-01 -- I'm afraid we only backport security related fixes, not bugs. However middleware seems like it would be a workaround if you're unable to upgrade or downgrade to a working version.

[LIU-CE-01]

Hi @ztanner
Thanks for your reply.
I'm sorry if I misunderstood your meaning, you are suggesting we should move to nextjs 14 as it is unlikely to fix in nextjs 13?

[github-actions]

This closed issue has been automatically locked because it had no new activity for 2 weeks. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.