From 6ceae6ce619aa8e66720500b723eb68b6280766b Mon Sep 17 00:00:00 2001
From: JJ Kasper <jj@jjsweb.site>
Date: Fri, 29 Apr 2022 13:53:20 -0500
Subject: [PATCH 1/3] Update status code for normalize error

---
 packages/next/server/base-server.ts          | 17 +++++++++++------
 packages/next/server/normalize-page-path.ts  |  3 ++-
 packages/next/shared/lib/utils.ts            |  1 +
 test/integration/production/test/security.js |  4 +++-
 4 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/packages/next/server/base-server.ts b/packages/next/server/base-server.ts
index 1d76fa5df548..0d66faa0451b 100644
--- a/packages/next/server/base-server.ts
+++ b/packages/next/server/base-server.ts
@@ -11,7 +11,12 @@ import type { ParsedUrlQuery } from 'querystring'
 import type { RenderOpts, RenderOptsPartial } from './render'
 import type { ResponseCacheEntry, ResponseCacheValue } from './response-cache'
 import type { UrlWithParsedQuery } from 'url'
-import type { CacheFs } from '../shared/lib/utils'
+import {
+  CacheFs,
+  NormalizeError,
+  DecodeError,
+  normalizeRepeatedSlashes,
+} from '../shared/lib/utils'
 import type { PreviewData } from 'next/types'
 import type { PagesManifest } from '../build/webpack/plugins/pages-manifest-plugin'
 import type { BaseNextRequest, BaseNextResponse } from './base-http'
@@ -39,7 +44,6 @@ import {
   checkIsManualRevalidate,
 } from './api-utils'
 import * as envConfig from '../shared/lib/runtime-config'
-import { DecodeError, normalizeRepeatedSlashes } from '../shared/lib/utils'
 import { isTargetLikeServerless } from './utils'
 import Router from './router'
 import { getPathMatch } from '../shared/lib/router/utils/path-match'
@@ -565,7 +569,7 @@ export default abstract class Server<ServerOptions extends Options = Options> {
             ])
           }
         } catch (err) {
-          if (err instanceof DecodeError) {
+          if (err instanceof DecodeError || err instanceof NormalizeError) {
             res.statusCode = 400
             return this.renderError(null, req, res, '/_error', {})
           }
@@ -613,7 +617,8 @@ export default abstract class Server<ServerOptions extends Options = Options> {
     } catch (err: any) {
       if (
         (err && typeof err === 'object' && err.code === 'ERR_INVALID_URL') ||
-        err instanceof DecodeError
+        err instanceof DecodeError ||
+        err instanceof NormalizeError
       ) {
         res.statusCode = 400
         return this.renderError(null, req, res, '/_error', {})
@@ -986,7 +991,7 @@ export default abstract class Server<ServerOptions extends Options = Options> {
         return
       }
     } catch (err) {
-      if (err instanceof DecodeError) {
+      if (err instanceof DecodeError || err instanceof NormalizeError) {
         res.statusCode = 400
         return this.renderError(null, req, res, '/_error', {})
       }
@@ -1746,7 +1751,7 @@ export default abstract class Server<ServerOptions extends Options = Options> {
       if (err instanceof NoFallbackError && bubbleNoFallback) {
         throw err
       }
-      if (err instanceof DecodeError) {
+      if (err instanceof DecodeError || err instanceof NormalizeError) {
         res.statusCode = 400
         return await this.renderErrorToResponse(ctx, err)
       }
diff --git a/packages/next/server/normalize-page-path.ts b/packages/next/server/normalize-page-path.ts
index 236504838d08..142098397929 100644
--- a/packages/next/server/normalize-page-path.ts
+++ b/packages/next/server/normalize-page-path.ts
@@ -1,5 +1,6 @@
 import { posix } from '../shared/lib/isomorphic/path'
 import { isDynamicRoute } from '../shared/lib/router/utils'
+import { NormalizeError } from '../shared/lib/utils'
 
 export { normalizePathSep, denormalizePagePath } from './denormalize-page-path'
 
@@ -17,7 +18,7 @@ export function normalizePagePath(page: string): string {
   // Throw when using ../ etc in the pathname
   const resolvedPage = posix.normalize(page)
   if (page !== resolvedPage) {
-    throw new Error(
+    throw new NormalizeError(
       `Requested and resolved page mismatch: ${page} ${resolvedPage}`
     )
   }
diff --git a/packages/next/shared/lib/utils.ts b/packages/next/shared/lib/utils.ts
index 3896c7b492e3..20dbe91ea53f 100644
--- a/packages/next/shared/lib/utils.ts
+++ b/packages/next/shared/lib/utils.ts
@@ -397,6 +397,7 @@ export const ST =
   typeof performance.measure === 'function'
 
 export class DecodeError extends Error {}
+export class NormalizeError extends Error {}
 
 export interface CacheFs {
   readFile(f: string): Promise<string>
diff --git a/test/integration/production/test/security.js b/test/integration/production/test/security.js
index 8a4778411b7a..c456dea27840 100644
--- a/test/integration/production/test/security.js
+++ b/test/integration/production/test/security.js
@@ -73,8 +73,10 @@ module.exports = (context) => {
       ]
 
       for (const path of pathsToCheck) {
-        const data = await renderViaHTTP(context.appPort, path)
+        const res = await fetchViaHTTP(context.appPort, path)
+        const data = await res.text()
         expect(data.includes('cool-version')).toBeFalsy()
+        expect([400, 404].includes(res.status)).toBeTruthy()
       }
     })
 

From 7ee89df88742b51dd948eae5fd6c0ad9074b95cd Mon Sep 17 00:00:00 2001
From: JJ Kasper <jj@jjsweb.site>
Date: Fri, 29 Apr 2022 14:25:52 -0500
Subject: [PATCH 2/3] fix lint

---
 test/integration/production/test/security.js | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/test/integration/production/test/security.js b/test/integration/production/test/security.js
index c456dea27840..2a4c579dd4b3 100644
--- a/test/integration/production/test/security.js
+++ b/test/integration/production/test/security.js
@@ -5,12 +5,7 @@ import { readFileSync } from 'fs'
 import http from 'http'
 import url from 'url'
 import { join } from 'path'
-import {
-  renderViaHTTP,
-  getBrowserBodyText,
-  waitFor,
-  fetchViaHTTP,
-} from 'next-test-utils'
+import { getBrowserBodyText, waitFor, fetchViaHTTP } from 'next-test-utils'
 import { recursiveReadDir } from 'next/dist/lib/recursive-readdir'
 import { homedir } from 'os'
 

From 3a5ab1e8f31d3ad4a4e412da8005c92dbb4b7e68 Mon Sep 17 00:00:00 2001
From: Tim Neutkens <tim@timneutkens.nl>
Date: Sun, 1 May 2022 11:00:47 +0200
Subject: [PATCH 3/3] Solve merge conflict

---
 packages/next/shared/lib/page-path/normalize-page-path.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/next/shared/lib/page-path/normalize-page-path.ts b/packages/next/shared/lib/page-path/normalize-page-path.ts
index 1df8cef5856a..81e7383b2da4 100644
--- a/packages/next/shared/lib/page-path/normalize-page-path.ts
+++ b/packages/next/shared/lib/page-path/normalize-page-path.ts
@@ -1,6 +1,7 @@
 import { ensureLeadingSlash } from './ensure-leading-slash'
 import { isDynamicRoute } from '../router/utils'
 import { posix } from '../isomorphic/path'
+import { NormalizeError } from '../utils'
 
 /**
  * Takes a page and transforms it into its file counterpart ensuring that the
@@ -22,7 +23,7 @@ export function normalizePagePath(page: string): string {
 
   const resolvedPage = posix.normalize(normalized)
   if (resolvedPage !== normalized) {
-    throw new Error(
+    throw new NormalizeError(
       `Requested and resolved page mismatch: ${normalized} ${resolvedPage}`
     )
   }