From cad0d1206672c84423efc25891f1dd13f11aead7 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Tue, 30 Jun 2020 00:26:07 -0400 Subject: [PATCH 01/14] Add `res.redirect` response helper --- packages/next/next-server/lib/utils.ts | 1 + packages/next/next-server/server/api-utils.ts | 16 ++++++++++++++++ test/integration/prerender/next.config.js | 1 + .../prerender/pages/blog/[post]/index.js | 2 +- 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/packages/next/next-server/lib/utils.ts b/packages/next/next-server/lib/utils.ts index 4b255709eb966..a2e8beb9617d1 100644 --- a/packages/next/next-server/lib/utils.ts +++ b/packages/next/next-server/lib/utils.ts @@ -207,6 +207,7 @@ export type NextApiResponse = ServerResponse & { */ json: Send status: (statusCode: number) => NextApiResponse + redirect: (url: string, statusCode?: number) => NextApiResponse /** * Set preview data for Next.js' prerender mode diff --git a/packages/next/next-server/server/api-utils.ts b/packages/next/next-server/server/api-utils.ts index 3ed48b73803b6..4d6311c4e6579 100644 --- a/packages/next/next-server/server/api-utils.ts +++ b/packages/next/next-server/server/api-utils.ts @@ -59,6 +59,7 @@ export async function apiResolver( apiRes.status = (statusCode) => sendStatusCode(apiRes, statusCode) apiRes.send = (data) => sendData(apiReq, apiRes, data) apiRes.json = (data) => sendJson(apiRes, data) + apiRes.redirect = (url, statusCode) => redirect(apiRes, url, statusCode) apiRes.setPreviewData = (data, options = {}) => setPreviewData(apiRes, data, Object.assign({}, apiContext, options)) apiRes.clearPreviewData = () => clearPreviewData(apiRes) @@ -209,6 +210,21 @@ export function sendStatusCode( return res } +/** + * + * @param res response object + * @param url URL of redirect + * @param [statusCode] `HTTP` status code of redirect + */ +export function redirect( + res: NextApiResponse, + url: string, + statusCode?: number +): NextApiResponse { + res.writeHead(statusCode || 302, { Location: url }).end() + return res +} + function sendEtagResponse( req: NextApiRequest, res: NextApiResponse, diff --git a/test/integration/prerender/next.config.js b/test/integration/prerender/next.config.js index 674031fe4743b..ea9028c6f724d 100644 --- a/test/integration/prerender/next.config.js +++ b/test/integration/prerender/next.config.js @@ -1,4 +1,5 @@ module.exports = { + target: 'serverless', rewrites() { return [ { diff --git a/test/integration/prerender/pages/blog/[post]/index.js b/test/integration/prerender/pages/blog/[post]/index.js index 0c9f829bca491..a2ff1762082f8 100644 --- a/test/integration/prerender/pages/blog/[post]/index.js +++ b/test/integration/prerender/pages/blog/[post]/index.js @@ -1,7 +1,7 @@ import React from 'react' import Link from 'next/link' import { useRouter } from 'next/router' -import 'firebase/firestore' +// import 'firebase/firestore' export async function getStaticPaths() { return { From 514d6bfe6f0694eed05e2c5ac4697d4479b952f1 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Tue, 30 Jun 2020 15:29:07 -0400 Subject: [PATCH 02/14] Revert unnecessary changes --- test/integration/prerender/next.config.js | 1 - test/integration/prerender/pages/blog/[post]/index.js | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/test/integration/prerender/next.config.js b/test/integration/prerender/next.config.js index ea9028c6f724d..674031fe4743b 100644 --- a/test/integration/prerender/next.config.js +++ b/test/integration/prerender/next.config.js @@ -1,5 +1,4 @@ module.exports = { - target: 'serverless', rewrites() { return [ { diff --git a/test/integration/prerender/pages/blog/[post]/index.js b/test/integration/prerender/pages/blog/[post]/index.js index a2ff1762082f8..0c9f829bca491 100644 --- a/test/integration/prerender/pages/blog/[post]/index.js +++ b/test/integration/prerender/pages/blog/[post]/index.js @@ -1,7 +1,7 @@ import React from 'react' import Link from 'next/link' import { useRouter } from 'next/router' -// import 'firebase/firestore' +import 'firebase/firestore' export async function getStaticPaths() { return { From dff7b144696ebaefe3a68058671b0c4837b86b26 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Tue, 30 Jun 2020 15:29:34 -0400 Subject: [PATCH 03/14] Match Express signature for `res.redirect` --- packages/next/next-server/lib/utils.ts | 2 +- packages/next/next-server/server/api-utils.ts | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/packages/next/next-server/lib/utils.ts b/packages/next/next-server/lib/utils.ts index a2e8beb9617d1..6a9bc60a7a073 100644 --- a/packages/next/next-server/lib/utils.ts +++ b/packages/next/next-server/lib/utils.ts @@ -207,7 +207,7 @@ export type NextApiResponse = ServerResponse & { */ json: Send status: (statusCode: number) => NextApiResponse - redirect: (url: string, statusCode?: number) => NextApiResponse + redirect: (status: string | number, url: string) => NextApiResponse /** * Set preview data for Next.js' prerender mode diff --git a/packages/next/next-server/server/api-utils.ts b/packages/next/next-server/server/api-utils.ts index 4d6311c4e6579..a46dece17a6c4 100644 --- a/packages/next/next-server/server/api-utils.ts +++ b/packages/next/next-server/server/api-utils.ts @@ -59,7 +59,7 @@ export async function apiResolver( apiRes.status = (statusCode) => sendStatusCode(apiRes, statusCode) apiRes.send = (data) => sendData(apiReq, apiRes, data) apiRes.json = (data) => sendJson(apiRes, data) - apiRes.redirect = (url, statusCode) => redirect(apiRes, url, statusCode) + apiRes.redirect = (status, url) => redirect(apiRes, status, url) apiRes.setPreviewData = (data, options = {}) => setPreviewData(apiRes, data, Object.assign({}, apiContext, options)) apiRes.clearPreviewData = () => clearPreviewData(apiRes) @@ -213,15 +213,21 @@ export function sendStatusCode( /** * * @param res response object + * @param [status] `HTTP` status code of redirect * @param url URL of redirect - * @param [statusCode] `HTTP` status code of redirect */ export function redirect( res: NextApiResponse, - url: string, - statusCode?: number + status: string | number, // If this is a number it's the URL + url: string ): NextApiResponse { - res.writeHead(statusCode || 302, { Location: url }).end() + if (typeof status === 'string') { + url = status + status = 302 + } + + res.writeHead(status, { Location: url }) + res.end() return res } From a741d040ce59a41541e543d5cb4e9504bebf06ca Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Tue, 30 Jun 2020 15:48:19 -0400 Subject: [PATCH 04/14] Add documentation for `res.redirect` --- docs/api-routes/response-helpers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/api-routes/response-helpers.md b/docs/api-routes/response-helpers.md index 93fd1623f03ea..9912571a659b7 100644 --- a/docs/api-routes/response-helpers.md +++ b/docs/api-routes/response-helpers.md @@ -25,3 +25,4 @@ The included helpers are: - `res.status(code)` - A function to set the status code. `code` must be a valid [HTTP status code](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes) - `res.json(json)` - Sends a JSON response. `json` must be a valid JSON object - `res.send(body)` - Sends the HTTP response. `body` can be a `string`, an `object` or a `Buffer` +- `res.redirect([status,] path)` - Redirects to a specified path or URL. `status` must be a valid [HTTP status code](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes). If not specified, `status` defaults to "302" "Found". From c7b82a7230ca69c92140f87f591a60e87e0b3bb7 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Wed, 1 Jul 2020 03:47:34 -0400 Subject: [PATCH 05/14] Update packages/next/next-server/lib/utils.ts Co-authored-by: Tim Neutkens --- packages/next/next-server/lib/utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/next/next-server/lib/utils.ts b/packages/next/next-server/lib/utils.ts index 6a9bc60a7a073..3747750324dae 100644 --- a/packages/next/next-server/lib/utils.ts +++ b/packages/next/next-server/lib/utils.ts @@ -207,7 +207,7 @@ export type NextApiResponse = ServerResponse & { */ json: Send status: (statusCode: number) => NextApiResponse - redirect: (status: string | number, url: string) => NextApiResponse + redirect: (statusOrUrl: string | number, url?: string) => NextApiResponse /** * Set preview data for Next.js' prerender mode From f256bb48f1a2e67c87461ddff70a57e8306571e6 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Wed, 1 Jul 2020 03:47:42 -0400 Subject: [PATCH 06/14] Update packages/next/next-server/server/api-utils.ts Co-authored-by: Tim Neutkens --- packages/next/next-server/server/api-utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/next/next-server/server/api-utils.ts b/packages/next/next-server/server/api-utils.ts index a46dece17a6c4..f62d3202cf4ad 100644 --- a/packages/next/next-server/server/api-utils.ts +++ b/packages/next/next-server/server/api-utils.ts @@ -59,7 +59,7 @@ export async function apiResolver( apiRes.status = (statusCode) => sendStatusCode(apiRes, statusCode) apiRes.send = (data) => sendData(apiReq, apiRes, data) apiRes.json = (data) => sendJson(apiRes, data) - apiRes.redirect = (status, url) => redirect(apiRes, status, url) + apiRes.redirect = (statusOrUrl, url) => redirect(apiRes, status, url) apiRes.setPreviewData = (data, options = {}) => setPreviewData(apiRes, data, Object.assign({}, apiContext, options)) apiRes.clearPreviewData = () => clearPreviewData(apiRes) From c43e2cd24053083b8570d1210e4ed727f0bf7bb0 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Wed, 1 Jul 2020 03:47:51 -0400 Subject: [PATCH 07/14] Update packages/next/next-server/server/api-utils.ts Co-authored-by: Tim Neutkens --- packages/next/next-server/server/api-utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/next/next-server/server/api-utils.ts b/packages/next/next-server/server/api-utils.ts index f62d3202cf4ad..33c3d5096ec4f 100644 --- a/packages/next/next-server/server/api-utils.ts +++ b/packages/next/next-server/server/api-utils.ts @@ -219,7 +219,7 @@ export function sendStatusCode( export function redirect( res: NextApiResponse, status: string | number, // If this is a number it's the URL - url: string + url?: string ): NextApiResponse { if (typeof status === 'string') { url = status From 5ffe4f7ce2b74a5695dd6dbdf33dd441c1713880 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Wed, 1 Jul 2020 03:48:02 -0400 Subject: [PATCH 08/14] Update packages/next/next-server/server/api-utils.ts Co-authored-by: Tim Neutkens --- packages/next/next-server/server/api-utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/next/next-server/server/api-utils.ts b/packages/next/next-server/server/api-utils.ts index 33c3d5096ec4f..c6c6531c4b86d 100644 --- a/packages/next/next-server/server/api-utils.ts +++ b/packages/next/next-server/server/api-utils.ts @@ -218,7 +218,7 @@ export function sendStatusCode( */ export function redirect( res: NextApiResponse, - status: string | number, // If this is a number it's the URL + statusOrUrl: string | number, url?: string ): NextApiResponse { if (typeof status === 'string') { From 3849a257a7c74bfd16dcc64a3ccf2c92152df96d Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Wed, 1 Jul 2020 03:53:01 -0400 Subject: [PATCH 09/14] Fix errors from renamed parameter --- packages/next/next-server/server/api-utils.ts | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/packages/next/next-server/server/api-utils.ts b/packages/next/next-server/server/api-utils.ts index c6c6531c4b86d..42ccd9138e079 100644 --- a/packages/next/next-server/server/api-utils.ts +++ b/packages/next/next-server/server/api-utils.ts @@ -59,7 +59,7 @@ export async function apiResolver( apiRes.status = (statusCode) => sendStatusCode(apiRes, statusCode) apiRes.send = (data) => sendData(apiReq, apiRes, data) apiRes.json = (data) => sendJson(apiRes, data) - apiRes.redirect = (statusOrUrl, url) => redirect(apiRes, status, url) + apiRes.redirect = (statusOrUrl, url) => redirect(apiRes, statusOrUrl, url) apiRes.setPreviewData = (data, options = {}) => setPreviewData(apiRes, data, Object.assign({}, apiContext, options)) apiRes.clearPreviewData = () => clearPreviewData(apiRes) @@ -213,7 +213,7 @@ export function sendStatusCode( /** * * @param res response object - * @param [status] `HTTP` status code of redirect + * @param [statusOrUrl] `HTTP` status code of redirect * @param url URL of redirect */ export function redirect( @@ -221,13 +221,12 @@ export function redirect( statusOrUrl: string | number, url?: string ): NextApiResponse { - if (typeof status === 'string') { - url = status - status = 302 + if (typeof statusOrUrl === 'string') { + url = statusOrUrl + statusOrUrl = 302 } - res.writeHead(status, { Location: url }) - res.end() + res.writeHead(statusOrUrl, { Location: url }).end() return res } From 2b4f62eec469fbd930f95bb2e023bc15b714a350 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Wed, 1 Jul 2020 04:32:17 -0400 Subject: [PATCH 10/14] Add tests --- .../api-support/pages/api/redirect-301.js | 3 +++ .../api-support/pages/api/redirect-302.js | 3 +++ .../api-support/test/index.test.js | 23 +++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 test/integration/api-support/pages/api/redirect-301.js create mode 100644 test/integration/api-support/pages/api/redirect-302.js diff --git a/test/integration/api-support/pages/api/redirect-301.js b/test/integration/api-support/pages/api/redirect-301.js new file mode 100644 index 0000000000000..49875945bdecf --- /dev/null +++ b/test/integration/api-support/pages/api/redirect-301.js @@ -0,0 +1,3 @@ +export default (req, res) => { + res.redirect(301, '/login') +} diff --git a/test/integration/api-support/pages/api/redirect-302.js b/test/integration/api-support/pages/api/redirect-302.js new file mode 100644 index 0000000000000..1bee2516cbe8a --- /dev/null +++ b/test/integration/api-support/pages/api/redirect-302.js @@ -0,0 +1,3 @@ +export default (req, res) => { + res.redirect('/login') +} diff --git a/test/integration/api-support/test/index.test.js b/test/integration/api-support/test/index.test.js index 9252311a1c62b..57e19e36b0a67 100644 --- a/test/integration/api-support/test/index.test.js +++ b/test/integration/api-support/test/index.test.js @@ -236,6 +236,29 @@ function runTests(dev = false) { expect(data).toEqual({ message: 'Parsed body' }) }) + it('should redirect with status code 302', async () => { + const res = await fetchViaHTTP(appPort, '/api/redirect-302', null, { + redirect: 'manual', + }) + + expect(res.status).toEqual(302) + }) + + it('should redirect to login', async () => { + const res = await fetchViaHTTP(appPort, '/api/redirect-302', null, {}) + + expect(res.redirected).toBe(true) + expect(res.url).toContain('/login') + }) + + it('should redirect with status code 301', async () => { + const res = await fetchViaHTTP(appPort, '/api/redirect-301', null, { + redirect: 'manual', + }) + + expect(res.status).toEqual(301) + }) + it('should return empty query object', async () => { const data = await fetchViaHTTP(appPort, '/api/query', null, {}).then( (res) => res.ok && res.json() From 58c54fc6866000f3e3aeb3799fded05015ffbdca Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Fri, 3 Jul 2020 14:36:12 -0400 Subject: [PATCH 11/14] Change status code to 307 --- packages/next/next-server/server/api-utils.ts | 2 +- .../pages/api/{redirect-302.js => redirect-307.js} | 0 test/integration/api-support/test/index.test.js | 8 ++++---- 3 files changed, 5 insertions(+), 5 deletions(-) rename test/integration/api-support/pages/api/{redirect-302.js => redirect-307.js} (100%) diff --git a/packages/next/next-server/server/api-utils.ts b/packages/next/next-server/server/api-utils.ts index 42ccd9138e079..e2ba57d721737 100644 --- a/packages/next/next-server/server/api-utils.ts +++ b/packages/next/next-server/server/api-utils.ts @@ -223,7 +223,7 @@ export function redirect( ): NextApiResponse { if (typeof statusOrUrl === 'string') { url = statusOrUrl - statusOrUrl = 302 + statusOrUrl = 307 } res.writeHead(statusOrUrl, { Location: url }).end() diff --git a/test/integration/api-support/pages/api/redirect-302.js b/test/integration/api-support/pages/api/redirect-307.js similarity index 100% rename from test/integration/api-support/pages/api/redirect-302.js rename to test/integration/api-support/pages/api/redirect-307.js diff --git a/test/integration/api-support/test/index.test.js b/test/integration/api-support/test/index.test.js index 57e19e36b0a67..2694f18314777 100644 --- a/test/integration/api-support/test/index.test.js +++ b/test/integration/api-support/test/index.test.js @@ -236,16 +236,16 @@ function runTests(dev = false) { expect(data).toEqual({ message: 'Parsed body' }) }) - it('should redirect with status code 302', async () => { - const res = await fetchViaHTTP(appPort, '/api/redirect-302', null, { + it('should redirect with status code 307', async () => { + const res = await fetchViaHTTP(appPort, '/api/redirect-307', null, { redirect: 'manual', }) - expect(res.status).toEqual(302) + expect(res.status).toEqual(307) }) it('should redirect to login', async () => { - const res = await fetchViaHTTP(appPort, '/api/redirect-302', null, {}) + const res = await fetchViaHTTP(appPort, '/api/redirect-307', null, {}) expect(res.redirected).toBe(true) expect(res.url).toContain('/login') From 540c2295e324a01f7f37f6cb239e589f74502584 Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Fri, 3 Jul 2020 14:49:20 -0400 Subject: [PATCH 12/14] Update examples with new redirect helper --- examples/auth0/pages/advanced/ssr-profile.js | 5 +---- examples/cms-agilitycms/pages/api/exit-preview.js | 3 +-- examples/cms-agilitycms/pages/api/preview.js | 3 +-- examples/cms-buttercms/pages/api/exit-preview.js | 3 +-- examples/cms-buttercms/pages/api/preview.js | 3 +-- examples/cms-contentful/pages/api/exit-preview.js | 3 +-- examples/cms-contentful/pages/api/preview.js | 2 +- examples/cms-cosmic/pages/api/exit-preview.js | 3 +-- examples/cms-cosmic/pages/api/preview.js | 3 +-- examples/cms-datocms/pages/api/exit-preview.js | 3 +-- examples/cms-datocms/pages/api/preview.js | 3 +-- examples/cms-graphcms/pages/api/exit-preview.js | 3 +-- examples/cms-graphcms/pages/api/preview.js | 3 +-- examples/cms-prismic/pages/api/exit-preview.js | 3 +-- examples/cms-sanity/pages/api/exit-preview.js | 3 +-- examples/cms-sanity/pages/api/preview.js | 3 +-- examples/cms-storyblok/pages/api/exit-preview.js | 3 +-- examples/cms-storyblok/pages/api/preview.js | 3 +-- examples/cms-strapi/pages/api/exit-preview.js | 3 +-- examples/cms-strapi/pages/api/preview.js | 3 +-- examples/cms-takeshape/pages/api/exit-preview.js | 3 +-- examples/cms-takeshape/pages/api/preview.js | 3 +-- examples/cms-wordpress/pages/api/exit-preview.js | 3 +-- examples/cms-wordpress/pages/api/preview.js | 3 +-- examples/with-magic/pages/api/logout.js | 3 +-- examples/with-passport/pages/api/logout.js | 3 +-- 26 files changed, 26 insertions(+), 53 deletions(-) diff --git a/examples/auth0/pages/advanced/ssr-profile.js b/examples/auth0/pages/advanced/ssr-profile.js index 84d96d4dbee4c..b3d2685273536 100644 --- a/examples/auth0/pages/advanced/ssr-profile.js +++ b/examples/auth0/pages/advanced/ssr-profile.js @@ -24,10 +24,7 @@ export async function getServerSideProps({ req, res }) { const session = await auth0.getSession(req) if (!session || !session.user) { - res.writeHead(302, { - Location: '/api/login', - }) - res.end() + res.redirect('/api/login') return } diff --git a/examples/cms-agilitycms/pages/api/exit-preview.js b/examples/cms-agilitycms/pages/api/exit-preview.js index 03d954f4a7a99..0f1b8cad51934 100644 --- a/examples/cms-agilitycms/pages/api/exit-preview.js +++ b/examples/cms-agilitycms/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function handler(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-agilitycms/pages/api/preview.js b/examples/cms-agilitycms/pages/api/preview.js index 4867bb03c1296..633fb2331aa46 100644 --- a/examples/cms-agilitycms/pages/api/preview.js +++ b/examples/cms-agilitycms/pages/api/preview.js @@ -19,6 +19,5 @@ export default async function handler(req, res) { res.setPreviewData({}) // Redirect to the slug - res.writeHead(307, { Location: validationResp.slug }) - res.end() + res.redirect(validationResp.slug) } diff --git a/examples/cms-buttercms/pages/api/exit-preview.js b/examples/cms-buttercms/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-buttercms/pages/api/exit-preview.js +++ b/examples/cms-buttercms/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-buttercms/pages/api/preview.js b/examples/cms-buttercms/pages/api/preview.js index 08499d1503979..b4a5dd5a135aa 100644 --- a/examples/cms-buttercms/pages/api/preview.js +++ b/examples/cms-buttercms/pages/api/preview.js @@ -23,6 +23,5 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post.slug}` }) - res.end() + res.redirect(`/posts/${post.slug}`) } diff --git a/examples/cms-contentful/pages/api/exit-preview.js b/examples/cms-contentful/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-contentful/pages/api/exit-preview.js +++ b/examples/cms-contentful/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-contentful/pages/api/preview.js b/examples/cms-contentful/pages/api/preview.js index 6ddc5a203f6d7..b5a8be6dd5428 100644 --- a/examples/cms-contentful/pages/api/preview.js +++ b/examples/cms-contentful/pages/api/preview.js @@ -20,7 +20,7 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - // res.writeHead(307, { Location: `/posts/${post.slug}` }) + // res.redirect(`/posts/${post.slug}`) const url = `/posts/${post.slug}` res.write( ` diff --git a/examples/cms-cosmic/pages/api/exit-preview.js b/examples/cms-cosmic/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-cosmic/pages/api/exit-preview.js +++ b/examples/cms-cosmic/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-cosmic/pages/api/preview.js b/examples/cms-cosmic/pages/api/preview.js index 77b3ae16f5aed..341d52465f484 100644 --- a/examples/cms-cosmic/pages/api/preview.js +++ b/examples/cms-cosmic/pages/api/preview.js @@ -23,6 +23,5 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post.slug}` }) - res.end() + res.redirect(`/posts/${post.slug}`) } diff --git a/examples/cms-datocms/pages/api/exit-preview.js b/examples/cms-datocms/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-datocms/pages/api/exit-preview.js +++ b/examples/cms-datocms/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-datocms/pages/api/preview.js b/examples/cms-datocms/pages/api/preview.js index 8f7f2d42c1d3c..323e08103ae18 100644 --- a/examples/cms-datocms/pages/api/preview.js +++ b/examples/cms-datocms/pages/api/preview.js @@ -23,6 +23,5 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post.slug}` }) - res.end() + res.redirect(`/posts/${post.slug}`) } diff --git a/examples/cms-graphcms/pages/api/exit-preview.js b/examples/cms-graphcms/pages/api/exit-preview.js index 03d954f4a7a99..0f1b8cad51934 100644 --- a/examples/cms-graphcms/pages/api/exit-preview.js +++ b/examples/cms-graphcms/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function handler(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-graphcms/pages/api/preview.js b/examples/cms-graphcms/pages/api/preview.js index cd749e8db1220..b84d354c85493 100644 --- a/examples/cms-graphcms/pages/api/preview.js +++ b/examples/cms-graphcms/pages/api/preview.js @@ -23,6 +23,5 @@ export default async function handler(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post.slug}` }) - res.end() + res.redirect(`/posts/${post.slug}`) } diff --git a/examples/cms-prismic/pages/api/exit-preview.js b/examples/cms-prismic/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-prismic/pages/api/exit-preview.js +++ b/examples/cms-prismic/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-sanity/pages/api/exit-preview.js b/examples/cms-sanity/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-sanity/pages/api/exit-preview.js +++ b/examples/cms-sanity/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-sanity/pages/api/preview.js b/examples/cms-sanity/pages/api/preview.js index b046d0b233970..412e59ffd211c 100644 --- a/examples/cms-sanity/pages/api/preview.js +++ b/examples/cms-sanity/pages/api/preview.js @@ -23,6 +23,5 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post.slug}` }) - res.end() + res.redirect(`/posts/${post.slug}`) } diff --git a/examples/cms-storyblok/pages/api/exit-preview.js b/examples/cms-storyblok/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-storyblok/pages/api/exit-preview.js +++ b/examples/cms-storyblok/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-storyblok/pages/api/preview.js b/examples/cms-storyblok/pages/api/preview.js index 814c37e463ea6..a574b0fc66f85 100644 --- a/examples/cms-storyblok/pages/api/preview.js +++ b/examples/cms-storyblok/pages/api/preview.js @@ -23,6 +23,5 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post?.PostItem?.slug}` }) - res.end() + res.redirect(`/posts/${post?.PostItem?.slug}`) } diff --git a/examples/cms-strapi/pages/api/exit-preview.js b/examples/cms-strapi/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-strapi/pages/api/exit-preview.js +++ b/examples/cms-strapi/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-strapi/pages/api/preview.js b/examples/cms-strapi/pages/api/preview.js index 0a1b206d6bbd4..932e86344d9ff 100644 --- a/examples/cms-strapi/pages/api/preview.js +++ b/examples/cms-strapi/pages/api/preview.js @@ -23,6 +23,5 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post.slug}` }) - res.end() + res.redirect(`/posts/${post.slug}`) } diff --git a/examples/cms-takeshape/pages/api/exit-preview.js b/examples/cms-takeshape/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-takeshape/pages/api/exit-preview.js +++ b/examples/cms-takeshape/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-takeshape/pages/api/preview.js b/examples/cms-takeshape/pages/api/preview.js index cd6f0d25b15f5..42539c6cd354c 100644 --- a/examples/cms-takeshape/pages/api/preview.js +++ b/examples/cms-takeshape/pages/api/preview.js @@ -23,6 +23,5 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post.slug}` }) - res.end() + res.redirect(`/posts/${post.slug}`) } diff --git a/examples/cms-wordpress/pages/api/exit-preview.js b/examples/cms-wordpress/pages/api/exit-preview.js index 6c63a0a6e8a42..baf98353569b2 100644 --- a/examples/cms-wordpress/pages/api/exit-preview.js +++ b/examples/cms-wordpress/pages/api/exit-preview.js @@ -3,6 +3,5 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.writeHead(307, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/cms-wordpress/pages/api/preview.js b/examples/cms-wordpress/pages/api/preview.js index c320af238b415..12b103c0841cc 100644 --- a/examples/cms-wordpress/pages/api/preview.js +++ b/examples/cms-wordpress/pages/api/preview.js @@ -32,6 +32,5 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to `req.query.slug` as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: `/posts/${post.slug || post.databaseId}` }) - res.end() + res.redirect(`/posts/${post.slug || post.databaseId}`) } diff --git a/examples/with-magic/pages/api/logout.js b/examples/with-magic/pages/api/logout.js index d29a38f6c41d0..4ee699bf85faf 100644 --- a/examples/with-magic/pages/api/logout.js +++ b/examples/with-magic/pages/api/logout.js @@ -6,6 +6,5 @@ export default async function logout(req, res) { const session = await getSession(req) await magic.users.logoutByIssuer(session.issuer) removeTokenCookie(res) - res.writeHead(302, { Location: '/' }) - res.end() + res.redirect('/') } diff --git a/examples/with-passport/pages/api/logout.js b/examples/with-passport/pages/api/logout.js index 1fe3096cdc014..3f78a2584cb6f 100644 --- a/examples/with-passport/pages/api/logout.js +++ b/examples/with-passport/pages/api/logout.js @@ -2,6 +2,5 @@ import { removeTokenCookie } from '../../lib/auth-cookies' export default async function logout(req, res) { removeTokenCookie(res) - res.writeHead(302, { Location: '/' }) - res.end() + res.redirect('/') } From 76d702c0b2a99930a61ac6c3e5dd7292d39af0df Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Fri, 3 Jul 2020 14:50:18 -0400 Subject: [PATCH 13/14] Update docs with new redirect helper --- docs/advanced-features/preview-mode.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/advanced-features/preview-mode.md b/docs/advanced-features/preview-mode.md index 18bda9c383f46..dd4065482248c 100644 --- a/docs/advanced-features/preview-mode.md +++ b/docs/advanced-features/preview-mode.md @@ -111,8 +111,7 @@ export default async (req, res) => { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.writeHead(307, { Location: post.slug }) - res.end() + res.redirect(post.slug) } ``` From babea12ea533a90768a5bf5564ed7a16769d622a Mon Sep 17 00:00:00 2001 From: Ben Botvinick Date: Sun, 5 Jul 2020 16:13:44 -0400 Subject: [PATCH 14/14] Undo examples updates --- examples/auth0/pages/advanced/ssr-profile.js | 5 ++++- examples/cms-agilitycms/pages/api/exit-preview.js | 3 ++- examples/cms-agilitycms/pages/api/preview.js | 3 ++- examples/cms-buttercms/pages/api/exit-preview.js | 3 ++- examples/cms-buttercms/pages/api/preview.js | 3 ++- examples/cms-contentful/pages/api/exit-preview.js | 3 ++- examples/cms-contentful/pages/api/preview.js | 2 +- examples/cms-cosmic/pages/api/exit-preview.js | 3 ++- examples/cms-cosmic/pages/api/preview.js | 3 ++- examples/cms-datocms/pages/api/exit-preview.js | 3 ++- examples/cms-datocms/pages/api/preview.js | 3 ++- examples/cms-graphcms/pages/api/exit-preview.js | 3 ++- examples/cms-graphcms/pages/api/preview.js | 3 ++- examples/cms-prismic/pages/api/exit-preview.js | 3 ++- examples/cms-sanity/pages/api/exit-preview.js | 3 ++- examples/cms-sanity/pages/api/preview.js | 3 ++- examples/cms-storyblok/pages/api/exit-preview.js | 3 ++- examples/cms-storyblok/pages/api/preview.js | 3 ++- examples/cms-strapi/pages/api/exit-preview.js | 3 ++- examples/cms-strapi/pages/api/preview.js | 3 ++- examples/cms-takeshape/pages/api/exit-preview.js | 3 ++- examples/cms-takeshape/pages/api/preview.js | 3 ++- examples/cms-wordpress/pages/api/exit-preview.js | 3 ++- examples/cms-wordpress/pages/api/preview.js | 3 ++- examples/with-magic/pages/api/logout.js | 3 ++- examples/with-passport/pages/api/logout.js | 3 ++- 26 files changed, 53 insertions(+), 26 deletions(-) diff --git a/examples/auth0/pages/advanced/ssr-profile.js b/examples/auth0/pages/advanced/ssr-profile.js index b3d2685273536..84d96d4dbee4c 100644 --- a/examples/auth0/pages/advanced/ssr-profile.js +++ b/examples/auth0/pages/advanced/ssr-profile.js @@ -24,7 +24,10 @@ export async function getServerSideProps({ req, res }) { const session = await auth0.getSession(req) if (!session || !session.user) { - res.redirect('/api/login') + res.writeHead(302, { + Location: '/api/login', + }) + res.end() return } diff --git a/examples/cms-agilitycms/pages/api/exit-preview.js b/examples/cms-agilitycms/pages/api/exit-preview.js index 0f1b8cad51934..03d954f4a7a99 100644 --- a/examples/cms-agilitycms/pages/api/exit-preview.js +++ b/examples/cms-agilitycms/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function handler(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-agilitycms/pages/api/preview.js b/examples/cms-agilitycms/pages/api/preview.js index 633fb2331aa46..4867bb03c1296 100644 --- a/examples/cms-agilitycms/pages/api/preview.js +++ b/examples/cms-agilitycms/pages/api/preview.js @@ -19,5 +19,6 @@ export default async function handler(req, res) { res.setPreviewData({}) // Redirect to the slug - res.redirect(validationResp.slug) + res.writeHead(307, { Location: validationResp.slug }) + res.end() } diff --git a/examples/cms-buttercms/pages/api/exit-preview.js b/examples/cms-buttercms/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-buttercms/pages/api/exit-preview.js +++ b/examples/cms-buttercms/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-buttercms/pages/api/preview.js b/examples/cms-buttercms/pages/api/preview.js index b4a5dd5a135aa..08499d1503979 100644 --- a/examples/cms-buttercms/pages/api/preview.js +++ b/examples/cms-buttercms/pages/api/preview.js @@ -23,5 +23,6 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post.slug}`) + res.writeHead(307, { Location: `/posts/${post.slug}` }) + res.end() } diff --git a/examples/cms-contentful/pages/api/exit-preview.js b/examples/cms-contentful/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-contentful/pages/api/exit-preview.js +++ b/examples/cms-contentful/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-contentful/pages/api/preview.js b/examples/cms-contentful/pages/api/preview.js index b5a8be6dd5428..6ddc5a203f6d7 100644 --- a/examples/cms-contentful/pages/api/preview.js +++ b/examples/cms-contentful/pages/api/preview.js @@ -20,7 +20,7 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - // res.redirect(`/posts/${post.slug}`) + // res.writeHead(307, { Location: `/posts/${post.slug}` }) const url = `/posts/${post.slug}` res.write( ` diff --git a/examples/cms-cosmic/pages/api/exit-preview.js b/examples/cms-cosmic/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-cosmic/pages/api/exit-preview.js +++ b/examples/cms-cosmic/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-cosmic/pages/api/preview.js b/examples/cms-cosmic/pages/api/preview.js index 341d52465f484..77b3ae16f5aed 100644 --- a/examples/cms-cosmic/pages/api/preview.js +++ b/examples/cms-cosmic/pages/api/preview.js @@ -23,5 +23,6 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post.slug}`) + res.writeHead(307, { Location: `/posts/${post.slug}` }) + res.end() } diff --git a/examples/cms-datocms/pages/api/exit-preview.js b/examples/cms-datocms/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-datocms/pages/api/exit-preview.js +++ b/examples/cms-datocms/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-datocms/pages/api/preview.js b/examples/cms-datocms/pages/api/preview.js index 323e08103ae18..8f7f2d42c1d3c 100644 --- a/examples/cms-datocms/pages/api/preview.js +++ b/examples/cms-datocms/pages/api/preview.js @@ -23,5 +23,6 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post.slug}`) + res.writeHead(307, { Location: `/posts/${post.slug}` }) + res.end() } diff --git a/examples/cms-graphcms/pages/api/exit-preview.js b/examples/cms-graphcms/pages/api/exit-preview.js index 0f1b8cad51934..03d954f4a7a99 100644 --- a/examples/cms-graphcms/pages/api/exit-preview.js +++ b/examples/cms-graphcms/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function handler(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-graphcms/pages/api/preview.js b/examples/cms-graphcms/pages/api/preview.js index b84d354c85493..cd749e8db1220 100644 --- a/examples/cms-graphcms/pages/api/preview.js +++ b/examples/cms-graphcms/pages/api/preview.js @@ -23,5 +23,6 @@ export default async function handler(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post.slug}`) + res.writeHead(307, { Location: `/posts/${post.slug}` }) + res.end() } diff --git a/examples/cms-prismic/pages/api/exit-preview.js b/examples/cms-prismic/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-prismic/pages/api/exit-preview.js +++ b/examples/cms-prismic/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-sanity/pages/api/exit-preview.js b/examples/cms-sanity/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-sanity/pages/api/exit-preview.js +++ b/examples/cms-sanity/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-sanity/pages/api/preview.js b/examples/cms-sanity/pages/api/preview.js index 412e59ffd211c..b046d0b233970 100644 --- a/examples/cms-sanity/pages/api/preview.js +++ b/examples/cms-sanity/pages/api/preview.js @@ -23,5 +23,6 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post.slug}`) + res.writeHead(307, { Location: `/posts/${post.slug}` }) + res.end() } diff --git a/examples/cms-storyblok/pages/api/exit-preview.js b/examples/cms-storyblok/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-storyblok/pages/api/exit-preview.js +++ b/examples/cms-storyblok/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-storyblok/pages/api/preview.js b/examples/cms-storyblok/pages/api/preview.js index a574b0fc66f85..814c37e463ea6 100644 --- a/examples/cms-storyblok/pages/api/preview.js +++ b/examples/cms-storyblok/pages/api/preview.js @@ -23,5 +23,6 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post?.PostItem?.slug}`) + res.writeHead(307, { Location: `/posts/${post?.PostItem?.slug}` }) + res.end() } diff --git a/examples/cms-strapi/pages/api/exit-preview.js b/examples/cms-strapi/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-strapi/pages/api/exit-preview.js +++ b/examples/cms-strapi/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-strapi/pages/api/preview.js b/examples/cms-strapi/pages/api/preview.js index 932e86344d9ff..0a1b206d6bbd4 100644 --- a/examples/cms-strapi/pages/api/preview.js +++ b/examples/cms-strapi/pages/api/preview.js @@ -23,5 +23,6 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post.slug}`) + res.writeHead(307, { Location: `/posts/${post.slug}` }) + res.end() } diff --git a/examples/cms-takeshape/pages/api/exit-preview.js b/examples/cms-takeshape/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-takeshape/pages/api/exit-preview.js +++ b/examples/cms-takeshape/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-takeshape/pages/api/preview.js b/examples/cms-takeshape/pages/api/preview.js index 42539c6cd354c..cd6f0d25b15f5 100644 --- a/examples/cms-takeshape/pages/api/preview.js +++ b/examples/cms-takeshape/pages/api/preview.js @@ -23,5 +23,6 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post.slug}`) + res.writeHead(307, { Location: `/posts/${post.slug}` }) + res.end() } diff --git a/examples/cms-wordpress/pages/api/exit-preview.js b/examples/cms-wordpress/pages/api/exit-preview.js index baf98353569b2..6c63a0a6e8a42 100644 --- a/examples/cms-wordpress/pages/api/exit-preview.js +++ b/examples/cms-wordpress/pages/api/exit-preview.js @@ -3,5 +3,6 @@ export default async function exit(_, res) { res.clearPreviewData() // Redirect the user back to the index page. - res.redirect('/') + res.writeHead(307, { Location: '/' }) + res.end() } diff --git a/examples/cms-wordpress/pages/api/preview.js b/examples/cms-wordpress/pages/api/preview.js index 12b103c0841cc..c320af238b415 100644 --- a/examples/cms-wordpress/pages/api/preview.js +++ b/examples/cms-wordpress/pages/api/preview.js @@ -32,5 +32,6 @@ export default async function preview(req, res) { // Redirect to the path from the fetched post // We don't redirect to `req.query.slug` as that might lead to open redirect vulnerabilities - res.redirect(`/posts/${post.slug || post.databaseId}`) + res.writeHead(307, { Location: `/posts/${post.slug || post.databaseId}` }) + res.end() } diff --git a/examples/with-magic/pages/api/logout.js b/examples/with-magic/pages/api/logout.js index 4ee699bf85faf..d29a38f6c41d0 100644 --- a/examples/with-magic/pages/api/logout.js +++ b/examples/with-magic/pages/api/logout.js @@ -6,5 +6,6 @@ export default async function logout(req, res) { const session = await getSession(req) await magic.users.logoutByIssuer(session.issuer) removeTokenCookie(res) - res.redirect('/') + res.writeHead(302, { Location: '/' }) + res.end() } diff --git a/examples/with-passport/pages/api/logout.js b/examples/with-passport/pages/api/logout.js index 3f78a2584cb6f..1fe3096cdc014 100644 --- a/examples/with-passport/pages/api/logout.js +++ b/examples/with-passport/pages/api/logout.js @@ -2,5 +2,6 @@ import { removeTokenCookie } from '../../lib/auth-cookies' export default async function logout(req, res) { removeTokenCookie(res) - res.redirect('/') + res.writeHead(302, { Location: '/' }) + res.end() }