Allow "plain text" images when blocking vulnerable non-image responses (#9824)

petebacondarwin · web-flow · commit 810470555f49 · 2025-07-03T03:06:13.000Z
diff --git a/.changeset/fluffy-comics-study.md b/.changeset/fluffy-comics-study.md
@@ -0,0 +1,5 @@
+---
+"@cloudflare/workers-shared": patch
+---
+
+Allow "plain text" images when blocking vulnerable non-image responses
diff --git a/packages/workers-shared/router-worker/src/worker.ts b/packages/workers-shared/router-worker/src/worker.ts
@@ -132,10 +132,12 @@ export default {
 
 					if (shouldBlockNonImageResponse) {
 						const resp = await env.USER_WORKER.fetch(maybeSecondRequest);
-						if (
-							!resp.headers.get("content-type")?.startsWith("image/") &&
-							resp.status !== 304
-						) {
+						const isImage = resp.headers
+							.get("content-type")
+							?.startsWith("image/");
+						const isPlainText =
+							resp.headers.get("content-type") === "text/plain";
+						if (!isImage && !isPlainText && resp.status !== 304) {
 							analytics.setData({ abuseMitigationBlocked: true });
 							return new Response("Blocked", { status: 403 });
 						}
diff --git a/packages/workers-shared/router-worker/tests/index.test.ts b/packages/workers-shared/router-worker/tests/index.test.ts
@@ -247,123 +247,143 @@ describe("unit tests", async () => {
 		expect(await response.text()).toEqual("hello from user worker");
 	});
 
-	it.each([
-		{
-			description:
-				"blocks /_next/image requests with remote URLs when not fetched as image",
-			url: "https://example.com/_next/image?url=https://evil.com/ssrf",
-		},
-		{
-			description:
-				"blocks /_next/image requests with remote URLs when not fetched as image for next apps host not at the root",
-			url: "https://example.com/some/subpath/_next/image?url=https://evil.com/ssrf",
-		},
-	])("$description", async ({ url }) => {
-		const request = new Request(url);
-		const ctx = createExecutionContext();
-
-		const env = {
-			CONFIG: {
-				has_user_worker: true,
-				invoke_user_worker_ahead_of_assets: true,
-			},
-			USER_WORKER: {
-				async fetch(_: Request): Promise<Response> {
-					return new Response("<!DOCTYPE html><html></html>", {
+	describe.each(["/some/subpath/", "/"])(
+		"blocking /_next/image requests hosted at %s with remote URLs",
+		(subpath) => {
+			it("blocks /_next/image requests with remote URLs when not fetched as image", async () => {
+				const request = new Request(
+					`https://example.com${subpath}_next/image?url=https://evil.com/ssrf`
+				);
+				const ctx = createExecutionContext();
+
+				const env = {
+					CONFIG: {
+						has_user_worker: true,
+						invoke_user_worker_ahead_of_assets: true,
+					},
+					USER_WORKER: {
+						async fetch(_: Request): Promise<Response> {
+							return new Response("<!DOCTYPE html><html></html>", {
+								headers: { "content-type": "text/html" },
+							});
+						},
+					},
+				} as Env;
+
+				const response = await worker.fetch(request, env, ctx);
+				expect(response.status).toBe(403);
+				expect(await response.text()).toBe("Blocked");
+			});
+
+			it.each([
+				{
+					description:
+						"allows /_next/image requests with remote URLs when fetched as image",
+					url: `https://example.com${subpath}_next/image?url=https://example.com/image.jpg`,
+					headers: { "sec-fetch-dest": "image" } as HeadersInit,
+					userWorkerResponse: {
+						body: "fake image data",
+						headers: { "content-type": "image/jpeg" },
+						status: 200,
+					},
+					expectedStatus: 200,
+					expectedBody: "fake image data",
+				},
+				{
+					description:
+						"allows /_next/image requests with remote URLs that have content type starting with image/...",
+					url: `https://example.com${subpath}_next/image?url=https://example.com/image.jpg`,
+					userWorkerResponse: {
+						body: "fake image data",
+						headers: { "content-type": "image/jpeg" },
+						status: 200,
+					},
+					expectedStatus: 200,
+					expectedBody: "fake image data",
+				},
+				{
+					description:
+						"allows /_next/image requests with remote URLs that have content type text/plain",
+					url: `https://example.com${subpath}_next/image?url=https://example.com/image.jpg`,
+					userWorkerResponse: {
+						body: "fake image data",
+						headers: { "content-type": "text/plain" },
+						status: 200,
+					},
+					expectedStatus: 200,
+					expectedBody: "fake image data",
+				},
+				{
+					description:
+						"allows /_next/image with remote URL and image header regardless of response content",
+					url: `https://example.com${subpath}_next/image?url=https://example.com/image.jpg`,
+					headers: { "sec-fetch-dest": "image" } as HeadersInit,
+					userWorkerResponse: {
+						body: "<!DOCTYPE html><html></html>",
 						headers: { "content-type": "text/html" },
-					});
-				},
-			},
-		} as Env;
-
-		const response = await worker.fetch(request, env, ctx);
-		expect(response.status).toBe(403);
-		expect(await response.text()).toBe("Blocked");
-	});
-
-	it.each([
-		{
-			description:
-				"allows /_next/image requests with remote URLs when fetched as image",
-			url: "https://example.com/_next/image?url=https://example.com/image.jpg",
-			headers: { "sec-fetch-dest": "image" } as HeadersInit,
-			userWorkerResponse: {
-				body: "fake image data",
-				headers: { "content-type": "image/jpeg" },
-				status: 200,
-			},
-			expectedStatus: 200,
-			expectedBody: "fake image data",
-		},
-		{
-			description:
-				"allows /_next/image with remote URL and image header regardless of response content",
-			url: "https://example.com/_next/image?url=https://example.com/image.jpg",
-			headers: { "sec-fetch-dest": "image" } as HeadersInit,
-			userWorkerResponse: {
-				body: "<!DOCTYPE html><html></html>",
-				headers: { "content-type": "text/html" },
-				status: 200,
-			},
-			expectedStatus: 200,
-			expectedBody: "<!DOCTYPE html><html></html>",
-		},
-		{
-			description: "allows /_next/image requests with local URLs",
-			url: "https://example.com/_next/image?url=/local/image.jpg",
-			headers: {} as HeadersInit,
-			userWorkerResponse: {
-				body: "local image data",
-				headers: { "content-type": "image/jpeg" },
-				status: 200,
-			},
-			expectedStatus: 200,
-			expectedBody: "local image data",
-		},
-		{
-			description: "allows /_next/image requests with 304 status",
-			url: "https://example.com/_next/image?url=https://example.com/image.jpg",
-			headers: {} as HeadersInit,
-			userWorkerResponse: {
-				body: null,
-				headers: { "content-type": "text/html" },
-				status: 304,
-			},
-			expectedStatus: 304,
-			expectedBody: null,
-		},
-	])(
-		"$description",
-		async ({
-			url,
-			headers,
-			userWorkerResponse,
-			expectedStatus,
-			expectedBody,
-		}) => {
-			const request = new Request(url, { headers });
-			const ctx = createExecutionContext();
-
-			const env = {
-				CONFIG: {
-					has_user_worker: true,
-					invoke_user_worker_ahead_of_assets: true,
-				},
-				USER_WORKER: {
-					async fetch(_: Request): Promise<Response> {
-						return new Response(userWorkerResponse.body, {
-							status: userWorkerResponse.status,
-							headers: userWorkerResponse.headers,
-						});
+						status: 200,
 					},
-				},
-			} as Env;
-
-			const response = await worker.fetch(request, env, ctx);
-			expect(response.status).toBe(expectedStatus);
-			if (expectedBody !== null) {
-				expect(await response.text()).toBe(expectedBody);
-			}
+					expectedStatus: 200,
+					expectedBody: "<!DOCTYPE html><html></html>",
+				},
+				{
+					description: "allows /_next/image requests with local URLs",
+					url: `https://example.com${subpath}_next/image?url=/local/image.jpg`,
+					headers: {} as HeadersInit,
+					userWorkerResponse: {
+						body: "local image data",
+						headers: { "content-type": "image/jpeg" },
+						status: 200,
+					},
+					expectedStatus: 200,
+					expectedBody: "local image data",
+				},
+				{
+					description: "allows /_next/image requests with 304 status",
+					url: `https://example.com${subpath}_next/image?url=https://example.com/image.jpg`,
+					headers: {} as HeadersInit,
+					userWorkerResponse: {
+						body: null,
+						headers: { "content-type": "text/html" },
+						status: 304,
+					},
+					expectedStatus: 304,
+					expectedBody: null,
+				},
+			])(
+				"$description",
+				async ({
+					url,
+					headers,
+					userWorkerResponse,
+					expectedStatus,
+					expectedBody,
+				}) => {
+					const request = new Request(url, { headers });
+					const ctx = createExecutionContext();
+
+					const env = {
+						CONFIG: {
+							has_user_worker: true,
+							invoke_user_worker_ahead_of_assets: true,
+						},
+						USER_WORKER: {
+							async fetch(_: Request): Promise<Response> {
+								return new Response(userWorkerResponse.body, {
+									status: userWorkerResponse.status,
+									headers: userWorkerResponse.headers,
+								});
+							},
+						},
+					} as Env;
+
+					const response = await worker.fetch(request, env, ctx);
+					expect(response.status).toBe(expectedStatus);
+					if (expectedBody !== null) {
+						expect(await response.text()).toBe(expectedBody);
+					}
+				}
+			);
 		}
 	);
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@cloudflare/workers-shared": patch
 +---
++
 +Allow "plain text" images when blocking vulnerable non-image responses