From 292fd4eb3f7a774c17990e3349b91ae5630db821 Mon Sep 17 00:00:00 2001 From: Steven Date: Fri, 10 May 2024 21:35:48 -0400 Subject: [PATCH] feat!(next/image): change default `Content-Disposition` to `attachment` (#65631) ### BREAKING CHANGE This changes the behavior of the default image `loader` so that [`Content-Disposition`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#as_a_response_header_for_the_main_body) header is now `attachment` for added protection since the API can serve arbitrary remote images. The new default value, `attachment`, forces the browser to download the image when visiting directly. This is particularly important when `dangerouslyAllowSVG` is true. Most users will not notice the change since visiting pages won't behave any differently, only visiting images directly. Users can switch back to the old behavior by configuring `inline` in next.config.js ```js module.exports = { images: { contentDispositionType: 'inline', }, } --- .../02-api-reference/01-components/image.mdx | 17 ++ .../01-components/image-legacy.mdx | 16 ++ errors/invalid-images-config.mdx | 4 +- packages/next/src/shared/lib/image-config.ts | 2 +- .../test/content-disposition-type.test.ts | 4 +- .../image-optimizer/test/index.test.ts | 9 +- test/integration/image-optimizer/test/util.ts | 2 +- .../production/fixture/pages/svg-image.js | 3 + .../pages-dir/production/test/security.ts | 6 +- test/turbopack-build-tests-manifest.json | 226 +++++++++--------- 10 files changed, 162 insertions(+), 127 deletions(-) diff --git a/docs/02-app/02-api-reference/01-components/image.mdx b/docs/02-app/02-api-reference/01-components/image.mdx index 74a11d6fc106c..3956e4dbf367d 100644 --- a/docs/02-app/02-api-reference/01-components/image.mdx +++ b/docs/02-app/02-api-reference/01-components/image.mdx @@ -725,6 +725,22 @@ module.exports = { In addition, it is strongly recommended to also set `contentDispositionType` to force the browser to download the image, as well as `contentSecurityPolicy` to prevent scripts embedded in the image from executing. +### `contentDispositionType` + +The default [loader](#loader) sets the [`Content-Disposition`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#as_a_response_header_for_the_main_body) header to `attachment` for added protection since the API can serve arbitrary remote images. + +The default value is `attachment` which forces the browser to download the image when visiting directly. This is particularly important when [`dangerouslyAllowSVG`](#dangerouslyallowsvg) is true. + +You can optionally configure `inline` to allow the browser to render the image when visiting directly, without downloading it. + +```js filename="next.config.js" +module.exports = { + images: { + contentDispositionType: 'inline', + }, +} +``` + ## Animated Images The default [loader](#loader) will automatically bypass Image Optimization for animated images and serve the image as-is. @@ -1000,6 +1016,7 @@ This `next/image` component uses browser native [lazy loading](https://caniuse.c | Version | Changes | | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `v15.0.0` | `contentDispositionType` configuration default changed to `attachment`. | | `v14.2.0` | `overrideSrc` prop added. | | `v14.1.0` | `getImageProps()` is stable. | | `v14.0.0` | `onLoadingComplete` prop and `domains` config deprecated. | diff --git a/docs/03-pages/02-api-reference/01-components/image-legacy.mdx b/docs/03-pages/02-api-reference/01-components/image-legacy.mdx index f8d3aa52e3dad..6d0ccff0337b0 100644 --- a/docs/03-pages/02-api-reference/01-components/image-legacy.mdx +++ b/docs/03-pages/02-api-reference/01-components/image-legacy.mdx @@ -577,6 +577,22 @@ module.exports = { In addition, it is strongly recommended to also set `contentDispositionType` to force the browser to download the image, as well as `contentSecurityPolicy` to prevent scripts embedded in the image from executing. +### `contentDispositionType` + +The default [loader](#loader) sets the [`Content-Disposition`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#as_a_response_header_for_the_main_body) header to `attachment` for added protection since the API can serve arbitrary remote images. + +The default value is `attachment` which forces the browser to download the image when visiting directly. This is particularly important when [`dangerouslyAllowSVG`](#dangerously-allow-svg) is true. + +You can optionally configure `inline` to allow the browser to render the image when visiting directly, without downloading it. + +```js filename="next.config.js" +module.exports = { + images: { + contentDispositionType: 'inline', + }, +} +``` + ### Animated Images The default [loader](#loader) will automatically bypass Image Optimization for animated images and serve the image as-is. diff --git a/errors/invalid-images-config.mdx b/errors/invalid-images-config.mdx index 4f14b668eb3a0..9c60478972bc3 100644 --- a/errors/invalid-images-config.mdx +++ b/errors/invalid-images-config.mdx @@ -35,8 +35,8 @@ module.exports = { dangerouslyAllowSVG: false, // set the Content-Security-Policy header contentSecurityPolicy: "default-src 'self'; script-src 'none'; sandbox;", - // sets the Content-Disposition header (inline or attachment) - contentDispositionType: 'inline', + // sets the Content-Disposition header ('inline' or 'attachment') + contentDispositionType: 'attachment', // limit of 50 objects remotePatterns: [], // when true, every image will be unoptimized diff --git a/packages/next/src/shared/lib/image-config.ts b/packages/next/src/shared/lib/image-config.ts index 7fe1448619fcc..4fc8c5ab1971c 100644 --- a/packages/next/src/shared/lib/image-config.ts +++ b/packages/next/src/shared/lib/image-config.ts @@ -112,7 +112,7 @@ export const imageConfigDefault: ImageConfigComplete = { formats: ['image/webp'], dangerouslyAllowSVG: false, contentSecurityPolicy: `script-src 'none'; frame-src 'none'; sandbox;`, - contentDispositionType: 'inline', + contentDispositionType: 'attachment', remotePatterns: [], unoptimized: false, } diff --git a/test/integration/image-optimizer/test/content-disposition-type.test.ts b/test/integration/image-optimizer/test/content-disposition-type.test.ts index 606958b11a1ce..26c3e8bb49bed 100644 --- a/test/integration/image-optimizer/test/content-disposition-type.test.ts +++ b/test/integration/image-optimizer/test/content-disposition-type.test.ts @@ -4,9 +4,9 @@ import { setupTests } from './util' const appDir = join(__dirname, '../app') const imagesDir = join(appDir, '.next', 'cache', 'images') -describe('with contentDispositionType attachment', () => { +describe('with contentDispositionType inline', () => { setupTests({ - nextConfigImages: { contentDispositionType: 'attachment' }, + nextConfigImages: { contentDispositionType: 'inline' }, appDir, imagesDir, }) diff --git a/test/integration/image-optimizer/test/index.test.ts b/test/integration/image-optimizer/test/index.test.ts index 0148facf74e13..3c83c5f3336df 100644 --- a/test/integration/image-optimizer/test/index.test.ts +++ b/test/integration/image-optimizer/test/index.test.ts @@ -402,8 +402,9 @@ describe('Image Optimizer', () => { await retry(() => { expect(stderr).toContain( - `Invalid assetPrefix provided. Original error: TypeError [ERR_INVALID_URL]: Invalid URL` + `Invalid assetPrefix provided. Original error:` ) + expect(stderr).toContain(`Invalid URL`) }) } finally { await killApp(app).catch(() => {}) @@ -584,7 +585,7 @@ describe('Image Optimizer', () => { `public, max-age=86400, must-revalidate` ) expect(res.headers.get('Content-Disposition')).toBe( - `inline; filename="test.webp"` + `attachment; filename="test.webp"` ) await check(async () => { @@ -615,7 +616,7 @@ describe('Image Optimizer', () => { `public, max-age=60, must-revalidate` ) expect(res.headers.get('Content-Disposition')).toBe( - `inline; filename="test.webp"` + `attachment; filename="test.webp"` ) }) } @@ -723,7 +724,7 @@ describe('Image Optimizer', () => { ) expect(res.headers.get('Vary')).toBe('Accept') expect(res.headers.get('Content-Disposition')).toBe( - `inline; filename="next-js-bg.webp"` + `attachment; filename="next-js-bg.webp"` ) await check(async () => { diff --git a/test/integration/image-optimizer/test/util.ts b/test/integration/image-optimizer/test/util.ts index dcbae35554c95..015e04363f162 100644 --- a/test/integration/image-optimizer/test/util.ts +++ b/test/integration/image-optimizer/test/util.ts @@ -152,7 +152,7 @@ async function fetchWithDuration( export function runTests(ctx: RunTestsCtx) { const { isDev, nextConfigImages } = ctx const { - contentDispositionType = 'inline', + contentDispositionType = 'attachment', domains = [], formats = [], minimumCacheTTL = 60, diff --git a/test/production/pages-dir/production/fixture/pages/svg-image.js b/test/production/pages-dir/production/fixture/pages/svg-image.js index 0a450471d7e7e..97e9f88cafcf9 100644 --- a/test/production/pages-dir/production/fixture/pages/svg-image.js +++ b/test/production/pages-dir/production/fixture/pages/svg-image.js @@ -6,6 +6,9 @@ const Page = () => {

SVG with a script tag attempting XSS

+ + Click Me +

safe

) diff --git a/test/production/pages-dir/production/test/security.ts b/test/production/pages-dir/production/test/security.ts index 779f8270ec297..5da5c7c9da2ec 100644 --- a/test/production/pages-dir/production/test/security.ts +++ b/test/production/pages-dir/production/test/security.ts @@ -326,10 +326,8 @@ export default (next: NextInstance) => { const src = await browser.elementById('img').getAttribute('src') expect(src).toMatch(/_next\/image\?.*xss\.svg/) expect(await browser.elementById('msg').text()).toBe('safe') - browser = await webdriver( - next.appPort, - '/_next/image?url=%2Fxss.svg&w=256&q=75' - ) + await browser.eval(`document.getElementById("btn").click()`) + await browser.waitForIdleNetwork() expect(await browser.elementById('msg').text()).toBe('safe') } finally { if (browser) await browser.close() diff --git a/test/turbopack-build-tests-manifest.json b/test/turbopack-build-tests-manifest.json index 37ef5d7fde5cf..3b1826b17a9d6 100644 --- a/test/turbopack-build-tests-manifest.json +++ b/test/turbopack-build-tests-manifest.json @@ -10737,119 +10737,119 @@ }, "test/integration/image-optimizer/test/content-disposition-type.test.ts": { "passed": [ - "with contentDispositionType attachment Production Mode Server support with next.config.js should automatically detect image type when content-type is octet-stream", - "with contentDispositionType attachment Production Mode Server support with next.config.js should compress avif smaller than webp at q=100", - "with contentDispositionType attachment Production Mode Server support with next.config.js should compress avif smaller than webp at q=50", - "with contentDispositionType attachment Production Mode Server support with next.config.js should compress avif smaller than webp at q=75", - "with contentDispositionType attachment Production Mode Server support with next.config.js should downlevel avif format to jpeg for old Safari", - "with contentDispositionType attachment Production Mode Server support with next.config.js should downlevel webp format to jpeg for old Safari", - "with contentDispositionType attachment Production Mode Server support with next.config.js should emit blur svg when width is 8 in dev but not prod", - "with contentDispositionType attachment Production Mode Server support with next.config.js should emit blur svg when width is less than 8 in dev but not prod", - "with contentDispositionType attachment Production Mode Server support with next.config.js should error if the image file does not exist", - "with contentDispositionType attachment Production Mode Server support with next.config.js should error if the resource isn't a valid image", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when domain is not defined in next.config.js", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when internal url is not an image", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when q is greater than 100", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when q is less than 1", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when q is missing", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when q is not a number", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when url fails to load an image", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when url has file protocol", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when url has ftp protocol", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when url is missing", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when w is 0", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when w is less than 0", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when w is missing", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when w is not a number", - "with contentDispositionType attachment Production Mode Server support with next.config.js should fail when width is not in next.config.js", - "with contentDispositionType attachment Production Mode Server support with next.config.js should handle concurrent requests", - "with contentDispositionType attachment Production Mode Server support with next.config.js should handle non-ascii characters in image url", - "with contentDispositionType attachment Production Mode Server support with next.config.js should maintain animated gif", - "with contentDispositionType attachment Production Mode Server support with next.config.js should maintain animated png", - "with contentDispositionType attachment Production Mode Server support with next.config.js should maintain animated png 2", - "with contentDispositionType attachment Production Mode Server support with next.config.js should maintain animated webp", - "with contentDispositionType attachment Production Mode Server support with next.config.js should maintain bmp", - "with contentDispositionType attachment Production Mode Server support with next.config.js should maintain ico format", - "with contentDispositionType attachment Production Mode Server support with next.config.js should maintain jpg format for old Safari", - "with contentDispositionType attachment Production Mode Server support with next.config.js should maintain png format for old Safari", - "with contentDispositionType attachment Production Mode Server support with next.config.js should normalize invalid status codes", - "with contentDispositionType attachment Production Mode Server support with next.config.js should not allow svg with application header", - "with contentDispositionType attachment Production Mode Server support with next.config.js should not allow svg with comma header", - "with contentDispositionType attachment Production Mode Server support with next.config.js should not allow svg with uppercase header", - "with contentDispositionType attachment Production Mode Server support with next.config.js should not allow vector svg", - "with contentDispositionType attachment Production Mode Server support with next.config.js should not resize if requested width is larger than original source image", - "with contentDispositionType attachment Production Mode Server support with next.config.js should resize absolute url from localhost", - "with contentDispositionType attachment Production Mode Server support with next.config.js should resize relative url and new Chrome accept header as avif", - "with contentDispositionType attachment Production Mode Server support with next.config.js should resize relative url and old Chrome accept header as webp", - "with contentDispositionType attachment Production Mode Server support with next.config.js should resize relative url and png accept header", - "with contentDispositionType attachment Production Mode Server support with next.config.js should resize relative url and webp Firefox accept header", - "with contentDispositionType attachment Production Mode Server support with next.config.js should resize relative url with invalid accept header as gif", - "with contentDispositionType attachment Production Mode Server support with next.config.js should resize relative url with invalid accept header as png", - "with contentDispositionType attachment Production Mode Server support with next.config.js should resize relative url with invalid accept header as tiff", - "with contentDispositionType attachment Production Mode Server support with next.config.js should return home page", - "with contentDispositionType attachment Production Mode Server support with next.config.js should set 304 status without body when etag matches if-none-match", - "with contentDispositionType attachment Production Mode Server support with next.config.js should use cache and stale-while-revalidate when query is the same for external image", - "with contentDispositionType attachment Production Mode Server support with next.config.js should use cache and stale-while-revalidate when query is the same for internal image", - "with contentDispositionType attachment Production Mode Server support with next.config.js should use cached image file when parameters are the same for animated gif", - "with contentDispositionType attachment dev support with next.config.js should automatically detect image type when content-type is octet-stream", - "with contentDispositionType attachment dev support with next.config.js should compress avif smaller than webp at q=100", - "with contentDispositionType attachment dev support with next.config.js should compress avif smaller than webp at q=50", - "with contentDispositionType attachment dev support with next.config.js should compress avif smaller than webp at q=75", - "with contentDispositionType attachment dev support with next.config.js should downlevel avif format to jpeg for old Safari", - "with contentDispositionType attachment dev support with next.config.js should downlevel webp format to jpeg for old Safari", - "with contentDispositionType attachment dev support with next.config.js should emit blur svg when width is 8 in dev but not prod", - "with contentDispositionType attachment dev support with next.config.js should emit blur svg when width is less than 8 in dev but not prod", - "with contentDispositionType attachment dev support with next.config.js should error if the image file does not exist", - "with contentDispositionType attachment dev support with next.config.js should error if the resource isn't a valid image", - "with contentDispositionType attachment dev support with next.config.js should fail when domain is not defined in next.config.js", - "with contentDispositionType attachment dev support with next.config.js should fail when internal url is not an image", - "with contentDispositionType attachment dev support with next.config.js should fail when q is greater than 100", - "with contentDispositionType attachment dev support with next.config.js should fail when q is less than 1", - "with contentDispositionType attachment dev support with next.config.js should fail when q is missing", - "with contentDispositionType attachment dev support with next.config.js should fail when q is not a number", - "with contentDispositionType attachment dev support with next.config.js should fail when url fails to load an image", - "with contentDispositionType attachment dev support with next.config.js should fail when url has file protocol", - "with contentDispositionType attachment dev support with next.config.js should fail when url has ftp protocol", - "with contentDispositionType attachment dev support with next.config.js should fail when url is missing", - "with contentDispositionType attachment dev support with next.config.js should fail when w is 0", - "with contentDispositionType attachment dev support with next.config.js should fail when w is less than 0", - "with contentDispositionType attachment dev support with next.config.js should fail when w is missing", - "with contentDispositionType attachment dev support with next.config.js should fail when w is not a number", - "with contentDispositionType attachment dev support with next.config.js should fail when width is not in next.config.js", - "with contentDispositionType attachment dev support with next.config.js should handle concurrent requests", - "with contentDispositionType attachment dev support with next.config.js should handle non-ascii characters in image url", - "with contentDispositionType attachment dev support with next.config.js should maintain animated gif", - "with contentDispositionType attachment dev support with next.config.js should maintain animated png", - "with contentDispositionType attachment dev support with next.config.js should maintain animated png 2", - "with contentDispositionType attachment dev support with next.config.js should maintain animated webp", - "with contentDispositionType attachment dev support with next.config.js should maintain bmp", - "with contentDispositionType attachment dev support with next.config.js should maintain ico format", - "with contentDispositionType attachment dev support with next.config.js should maintain jpg format for old Safari", - "with contentDispositionType attachment dev support with next.config.js should maintain png format for old Safari", - "with contentDispositionType attachment dev support with next.config.js should normalize invalid status codes", - "with contentDispositionType attachment dev support with next.config.js should not allow svg with application header", - "with contentDispositionType attachment dev support with next.config.js should not allow svg with comma header", - "with contentDispositionType attachment dev support with next.config.js should not allow svg with uppercase header", - "with contentDispositionType attachment dev support with next.config.js should not allow vector svg", - "with contentDispositionType attachment dev support with next.config.js should not resize if requested width is larger than original source image", - "with contentDispositionType attachment dev support with next.config.js should resize absolute url from localhost", - "with contentDispositionType attachment dev support with next.config.js should resize relative url and new Chrome accept header as avif", - "with contentDispositionType attachment dev support with next.config.js should resize relative url and old Chrome accept header as webp", - "with contentDispositionType attachment dev support with next.config.js should resize relative url and png accept header", - "with contentDispositionType attachment dev support with next.config.js should resize relative url and webp Firefox accept header", - "with contentDispositionType attachment dev support with next.config.js should resize relative url with invalid accept header as gif", - "with contentDispositionType attachment dev support with next.config.js should resize relative url with invalid accept header as png", - "with contentDispositionType attachment dev support with next.config.js should resize relative url with invalid accept header as tiff", - "with contentDispositionType attachment dev support with next.config.js should return home page", - "with contentDispositionType attachment dev support with next.config.js should set 304 status without body when etag matches if-none-match", - "with contentDispositionType attachment dev support with next.config.js should set cache-control to immutable for static images", - "with contentDispositionType attachment dev support with next.config.js should use cache and stale-while-revalidate when query is the same for external image", - "with contentDispositionType attachment dev support with next.config.js should use cache and stale-while-revalidate when query is the same for internal image", - "with contentDispositionType attachment dev support with next.config.js should use cached image file when parameters are the same for animated gif" - ], - "failed": [ - "with contentDispositionType attachment Production Mode Server support w/o next.config.js should set cache-control to immutable for static images", - "with contentDispositionType attachment Production Mode Server support with next.config.js should set cache-control to immutable for static images" + "with contentDispositionType inline Production Mode Server support with next.config.js should automatically detect image type when content-type is octet-stream", + "with contentDispositionType inline Production Mode Server support with next.config.js should compress avif smaller than webp at q=100", + "with contentDispositionType inline Production Mode Server support with next.config.js should compress avif smaller than webp at q=50", + "with contentDispositionType inline Production Mode Server support with next.config.js should compress avif smaller than webp at q=75", + "with contentDispositionType inline Production Mode Server support with next.config.js should downlevel avif format to jpeg for old Safari", + "with contentDispositionType inline Production Mode Server support with next.config.js should downlevel webp format to jpeg for old Safari", + "with contentDispositionType inline Production Mode Server support with next.config.js should emit blur svg when width is 8 in dev but not prod", + "with contentDispositionType inline Production Mode Server support with next.config.js should emit blur svg when width is less than 8 in dev but not prod", + "with contentDispositionType inline Production Mode Server support with next.config.js should error if the image file does not exist", + "with contentDispositionType inline Production Mode Server support with next.config.js should error if the resource isn't a valid image", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when domain is not defined in next.config.js", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when internal url is not an image", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when q is greater than 100", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when q is less than 1", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when q is missing", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when q is not a number", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when url fails to load an image", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when url has file protocol", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when url has ftp protocol", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when url is missing", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when w is 0", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when w is less than 0", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when w is missing", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when w is not a number", + "with contentDispositionType inline Production Mode Server support with next.config.js should fail when width is not in next.config.js", + "with contentDispositionType inline Production Mode Server support with next.config.js should handle concurrent requests", + "with contentDispositionType inline Production Mode Server support with next.config.js should handle non-ascii characters in image url", + "with contentDispositionType inline Production Mode Server support with next.config.js should maintain animated gif", + "with contentDispositionType inline Production Mode Server support with next.config.js should maintain animated png", + "with contentDispositionType inline Production Mode Server support with next.config.js should maintain animated png 2", + "with contentDispositionType inline Production Mode Server support with next.config.js should maintain animated webp", + "with contentDispositionType inline Production Mode Server support with next.config.js should maintain bmp", + "with contentDispositionType inline Production Mode Server support with next.config.js should maintain ico format", + "with contentDispositionType inline Production Mode Server support with next.config.js should maintain jpg format for old Safari", + "with contentDispositionType inline Production Mode Server support with next.config.js should maintain png format for old Safari", + "with contentDispositionType inline Production Mode Server support with next.config.js should normalize invalid status codes", + "with contentDispositionType inline Production Mode Server support with next.config.js should not allow svg with application header", + "with contentDispositionType inline Production Mode Server support with next.config.js should not allow svg with comma header", + "with contentDispositionType inline Production Mode Server support with next.config.js should not allow svg with uppercase header", + "with contentDispositionType inline Production Mode Server support with next.config.js should not allow vector svg", + "with contentDispositionType inline Production Mode Server support with next.config.js should not resize if requested width is larger than original source image", + "with contentDispositionType inline Production Mode Server support with next.config.js should resize absolute url from localhost", + "with contentDispositionType inline Production Mode Server support with next.config.js should resize relative url and new Chrome accept header as avif", + "with contentDispositionType inline Production Mode Server support with next.config.js should resize relative url and old Chrome accept header as webp", + "with contentDispositionType inline Production Mode Server support with next.config.js should resize relative url and png accept header", + "with contentDispositionType inline Production Mode Server support with next.config.js should resize relative url and webp Firefox accept header", + "with contentDispositionType inline Production Mode Server support with next.config.js should resize relative url with invalid accept header as gif", + "with contentDispositionType inline Production Mode Server support with next.config.js should resize relative url with invalid accept header as png", + "with contentDispositionType inline Production Mode Server support with next.config.js should resize relative url with invalid accept header as tiff", + "with contentDispositionType inline Production Mode Server support with next.config.js should return home page", + "with contentDispositionType inline Production Mode Server support with next.config.js should set 304 status without body when etag matches if-none-match", + "with contentDispositionType inline Production Mode Server support with next.config.js should use cache and stale-while-revalidate when query is the same for external image", + "with contentDispositionType inline Production Mode Server support with next.config.js should use cache and stale-while-revalidate when query is the same for internal image", + "with contentDispositionType inline Production Mode Server support with next.config.js should use cached image file when parameters are the same for animated gif", + "with contentDispositionType inline dev support with next.config.js should automatically detect image type when content-type is octet-stream", + "with contentDispositionType inline dev support with next.config.js should compress avif smaller than webp at q=100", + "with contentDispositionType inline dev support with next.config.js should compress avif smaller than webp at q=50", + "with contentDispositionType inline dev support with next.config.js should compress avif smaller than webp at q=75", + "with contentDispositionType inline dev support with next.config.js should downlevel avif format to jpeg for old Safari", + "with contentDispositionType inline dev support with next.config.js should downlevel webp format to jpeg for old Safari", + "with contentDispositionType inline dev support with next.config.js should emit blur svg when width is 8 in dev but not prod", + "with contentDispositionType inline dev support with next.config.js should emit blur svg when width is less than 8 in dev but not prod", + "with contentDispositionType inline dev support with next.config.js should error if the image file does not exist", + "with contentDispositionType inline dev support with next.config.js should error if the resource isn't a valid image", + "with contentDispositionType inline dev support with next.config.js should fail when domain is not defined in next.config.js", + "with contentDispositionType inline dev support with next.config.js should fail when internal url is not an image", + "with contentDispositionType inline dev support with next.config.js should fail when q is greater than 100", + "with contentDispositionType inline dev support with next.config.js should fail when q is less than 1", + "with contentDispositionType inline dev support with next.config.js should fail when q is missing", + "with contentDispositionType inline dev support with next.config.js should fail when q is not a number", + "with contentDispositionType inline dev support with next.config.js should fail when url fails to load an image", + "with contentDispositionType inline dev support with next.config.js should fail when url has file protocol", + "with contentDispositionType inline dev support with next.config.js should fail when url has ftp protocol", + "with contentDispositionType inline dev support with next.config.js should fail when url is missing", + "with contentDispositionType inline dev support with next.config.js should fail when w is 0", + "with contentDispositionType inline dev support with next.config.js should fail when w is less than 0", + "with contentDispositionType inline dev support with next.config.js should fail when w is missing", + "with contentDispositionType inline dev support with next.config.js should fail when w is not a number", + "with contentDispositionType inline dev support with next.config.js should fail when width is not in next.config.js", + "with contentDispositionType inline dev support with next.config.js should handle concurrent requests", + "with contentDispositionType inline dev support with next.config.js should handle non-ascii characters in image url", + "with contentDispositionType inline dev support with next.config.js should maintain animated gif", + "with contentDispositionType inline dev support with next.config.js should maintain animated png", + "with contentDispositionType inline dev support with next.config.js should maintain animated png 2", + "with contentDispositionType inline dev support with next.config.js should maintain animated webp", + "with contentDispositionType inline dev support with next.config.js should maintain bmp", + "with contentDispositionType inline dev support with next.config.js should maintain ico format", + "with contentDispositionType inline dev support with next.config.js should maintain jpg format for old Safari", + "with contentDispositionType inline dev support with next.config.js should maintain png format for old Safari", + "with contentDispositionType inline dev support with next.config.js should normalize invalid status codes", + "with contentDispositionType inline dev support with next.config.js should not allow svg with application header", + "with contentDispositionType inline dev support with next.config.js should not allow svg with comma header", + "with contentDispositionType inline dev support with next.config.js should not allow svg with uppercase header", + "with contentDispositionType inline dev support with next.config.js should not allow vector svg", + "with contentDispositionType inline dev support with next.config.js should not resize if requested width is larger than original source image", + "with contentDispositionType inline dev support with next.config.js should resize absolute url from localhost", + "with contentDispositionType inline dev support with next.config.js should resize relative url and new Chrome accept header as avif", + "with contentDispositionType inline dev support with next.config.js should resize relative url and old Chrome accept header as webp", + "with contentDispositionType inline dev support with next.config.js should resize relative url and png accept header", + "with contentDispositionType inline dev support with next.config.js should resize relative url and webp Firefox accept header", + "with contentDispositionType inline dev support with next.config.js should resize relative url with invalid accept header as gif", + "with contentDispositionType inline dev support with next.config.js should resize relative url with invalid accept header as png", + "with contentDispositionType inline dev support with next.config.js should resize relative url with invalid accept header as tiff", + "with contentDispositionType inline dev support with next.config.js should return home page", + "with contentDispositionType inline dev support with next.config.js should set 304 status without body when etag matches if-none-match", + "with contentDispositionType inline dev support with next.config.js should set cache-control to immutable for static images", + "with contentDispositionType inline dev support with next.config.js should use cache and stale-while-revalidate when query is the same for external image", + "with contentDispositionType inline dev support with next.config.js should use cache and stale-while-revalidate when query is the same for internal image", + "with contentDispositionType inline dev support with next.config.js should use cached image file when parameters are the same for animated gif" + ], + "failed": [ + "with contentDispositionType inline Production Mode Server support w/o next.config.js should set cache-control to immutable for static images", + "with contentDispositionType inline Production Mode Server support with next.config.js should set cache-control to immutable for static images" ], "pending": [], "flakey": [],