fix(next/image): fix image-optimizer.ts headers (#82114)

[MitchLewis930]

PR_032

[greptile-apps]

Greptile Overview

Greptile Summary

This PR fixes a security issue where HTTP headers (including cookies) were being forwarded to internal image optimization endpoints. The change removes the headers: _req.headers parameter from createRequestResponseMocks() in fetchInternalImage(), aligning its behavior with fetchExternalImage() which never forwarded headers.

Key changes:

• Removed header forwarding in packages/next/src/server/image-optimizer.ts:637 to prevent cookie leakage
• Added test endpoint conditional-cookie.js that only serves images when cookies are present
• Added regression test verifying cookies are not forwarded (expects 400 status)

Security impact: This prevents authentication credentials from being inadvertently passed to internal image routes that shouldn't receive them, closing a potential information disclosure vulnerability.

Confidence Score: 5/5

• This PR is safe to merge - it fixes a security vulnerability with proper test coverage
• The change is minimal (removing one line), well-tested with a regression test, and addresses a legitimate security concern by preventing cookie forwarding to internal image endpoints. The fix aligns internal and external image handling behavior.
• No files require special attention

Important Files Changed

Filename	Overview
packages/next/src/server/image-optimizer.ts	Removed headers forwarding from fetchInternalImage to prevent cookie leakage to internal image routes
test/integration/image-optimizer/app/pages/api/conditional-cookie.js	Added test endpoint that conditionally returns image based on cookie presence
test/integration/image-optimizer/test/util.ts	Added test case verifying cookies are not forwarded to internal image endpoints

Sequence Diagram

sequenceDiagram
    participant Client
    participant ImageOptimizer
    participant fetchInternalImage
    participant MockRequest
    participant InternalAPI

    Client->>ImageOptimizer: Request internal image with Cookie header
    ImageOptimizer->>fetchInternalImage: Process internal image (href, req, res)
    Note over fetchInternalImage: BEFORE: headers forwarded<br/>AFTER: headers NOT forwarded
    fetchInternalImage->>MockRequest: createRequestResponseMocks({url, method, socket})
    Note over MockRequest: Creates mock without headers parameter
    MockRequest->>InternalAPI: Internal request WITHOUT Cookie
    InternalAPI-->>MockRequest: Response (401 if no cookie expected)
    MockRequest-->>fetchInternalImage: Return image data
    fetchInternalImage-->>ImageOptimizer: ImageUpstream
    ImageOptimizer-->>Client: Optimized image or error

Loading

[greptile-apps]

_{3 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}