From c49557775e2b7b9c6264da11c563b020b9891050 Mon Sep 17 00:00:00 2001
From: Peter Bengtsson
Date: Fri, 6 Jan 2023 02:12:58 +0100
Subject: [PATCH] return 404 on /_next.junk (#33770)
---
 middleware/handle-errors.js | 1 +
 pages/_app.tsx | 30 ++++++++++++++++++------------
 tests/routing/next.js | 7 +++++++
 3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/middleware/handle-errors.js b/middleware/handle-errors.js
index 5f160ad807..7db2c7ff42 100644
--- a/middleware/handle-errors.js
+++ b/middleware/handle-errors.js
@@ -67,6 +67,7 @@ export default async function handleError(error, req, res, next) {
 // Special handling for when a middleware calls `next(404)`
 if (error === 404) {
+ // Note that if this fails, it will swallow that error.
 return nextApp.render404(req, res)
 }
diff --git a/pages/_app.tsx b/pages/_app.tsx
index dd982571d7..b672863cab 100644
--- a/pages/_app.tsx
+++ b/pages/_app.tsx
@@ -1,4 +1,4 @@
-import React, { useEffect } from 'react'
+import { useEffect } from 'react'
 import App from 'next/app'
 import type { AppProps, AppContext } from 'next/app'
 import Head from 'next/head'
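Review bot: The comment added in the `error === 404` branch of `handleError` (middleware/handle-errors.js) says a failing `nextApp.render404(req, res)` is swallowed, but the code still leaves that failure invisible. The junk paths this commit targets reach this branch, so a broken 404 render would go unnoticed in logs. Consider recording the failure before it is dropped, for example `return nextApp.render404(req, res).catch((err) => console.error('render404 failed', err))`, or extend the comment to say why swallowing is acceptable here. The rest of `handleError` lies outside the hunk, so logging elsewhere in the function may already cover this.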
@@ -111,17 +111,23 @@ MyApp.getInitialProps = async (appContext: AppContext) => {
 const languagesContext: LanguagesContextT = {
 languages: {},
 }
- for (const [langCode, langObj] of Object.entries(
- req.context.languages as Record
- )) {
- if (langObj.wip) continue
- // Only pick out the keys we actually need
- languagesContext.languages[langCode] = {
- name: langObj.name,
- code: langObj.code,
- }
- if (langObj.nativeName) {
- languagesContext.languages[langCode].nativeName = langObj.nativeName
+
+ // If we're rendering certain 404 error pages, the middleware might not
+ // yet have contextualized the `context.languages`. So omit this
+ // context mutation and live without it.
+ if (req.context.languages) {
+ for (const [langCode, langObj] of Object.entries(
+ req.context.languages as Record
+ )) {
+ if (langObj.wip) continue
+ // Only pick out the keys we actually need
+ languagesContext.languages[langCode] = {
+ name: langObj.name,
+ code: langObj.code,
+ }
+ if (langObj.nativeName) {
+ languagesContext.languages[langCode].nativeName = langObj.nativeName
+ }
 }
 }
diff --git a/tests/routing/next.js b/tests/routing/next.js
index 236c1ce049..a5e2325784 100644
--- a/tests/routing/next.js
+++ b/tests/routing/next.js
@@ -8,5 +8,12 @@ describe('redirects', () => {
 test('any _next/image request should 404', async () => {
 const res = await get('/_next/image?what=ever')
 expect(res.statusCode).toBe(404)
+ expect(res.headers['content-type']).toMatch('text/html')
+ })
+
+ test('any _next.* request should 404', async () => {
+ const res = await get('/_next.php.hack.junk')
+ expect(res.statusCode).toBe(404)
+ expect(res.headers['content-type']).toMatch('text/html')
 })
 })
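Review bot: The new guard in `MyApp.getInitialProps` (pages/_app.tsx) tests `req.context.languages`, which still throws a TypeError if `req.context` itself is unset on the early-404 path the comment describes. The function begins and ends outside this hunk, so it is not visible whether earlier code already dereferences `req.context`; if it does not, the guard should be `if (req.context?.languages) {`. As a style point, iterating over `Object.entries(req.context?.languages ?? {})` would give the same empty result without re-indenting the whole loop body.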
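Review bot: The test titled 'any _next.* request should 404' in tests/routing/next.js exercises a single path, `/_next.php.hack.junk`, so the "any" in its name is not actually covered. A table-driven form would pin the routing rule more firmly, for example `test.each(['/_next.php.hack.junk', '/_next.junk'])('%s should 404', async (path) => { ... })` with the same two assertions inside. Since the error handler can swallow a render failure, it may also be worth asserting that the response body is non-empty, so a blank 404 does not pass.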