Standalone mode runtime remotePattern #77499

itsdapi · 2025-03-25T09:34:24Z

itsdapi
Mar 25, 2025

I know this is a very age question, currently the standalone will inline the remotePattern to server.js. But is there a chance that I could read the remotePattern during runtime?

Things I tried. Manually tamper the server.js file

    "images": {
        "deviceSizes": [640, 750, 828, 1080, 1200, 1920, 2048, 3840],
        "imageSizes": [16, 32, 48, 64, 96, 128, 256, 384],
        "path": "/_next/image",
        "loader": "default",
        "loaderFile": "",
        "domains": [],
        "disableStaticImages": false,
        "minimumCacheTTL": 60,
        "formats": ["image/webp"],
        "dangerouslyAllowSVG": false,
        "contentSecurityPolicy": "script-src 'none'; frame-src 'none'; sandbox;",
        "contentDispositionType": "attachment",
        "remotePatterns": [{"hostname": process.env.HOST}],
        "unoptimized": false
    },

and it did pick up the HOST env and not prevent loading the image.

But what is the downside of it? I know there must be some reason why nextjs not doing this.

Answered by timmypidashev

Mar 25, 2025

On a technical level, there really isn't an issue tampering with the server.js file, as it will never be accessible to clients. However, I would strongly advise against doing so, as next uses these patterns as a security boundary. If you're dynamically changing them, you need to be very careful about validating the environment variables to prevent unintended domains from being allowed. Also, messing with build output files such as server.js can be a maintenance burden, and just isn't the recommended approach. Hope that helps 👍

View full answer

timmypidashev · 2025-03-25T17:15:24Z

timmypidashev
Mar 25, 2025

On a technical level, there really isn't an issue tampering with the server.js file, as it will never be accessible to clients. However, I would strongly advise against doing so, as next uses these patterns as a security boundary. If you're dynamically changing them, you need to be very careful about validating the environment variables to prevent unintended domains from being allowed. Also, messing with build output files such as server.js can be a maintenance burden, and just isn't the recommended approach. Hope that helps 👍

1 reply

itsdapi Apr 8, 2025
Author

Got it. Because our workflow is to build the image in the cicd pipeline and then take the image directly to the testing environment. After all is done it will move to the production environment. So we need the image to be completely customizable throughout different environments.

In the end, we wrote a new entrypoint script to tamper the server.js file and use sed to modify the remotePattern section. Appreciate your explanations👍

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Standalone mode runtime remotePattern #77499

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Standalone mode runtime remotePattern #77499

Uh oh!

itsdapi Mar 25, 2025

Replies: 1 comment · 1 reply

Uh oh!

timmypidashev Mar 25, 2025

Uh oh!

Uh oh!

itsdapi Apr 8, 2025 Author

itsdapi
Mar 25, 2025

Replies: 1 comment 1 reply

timmypidashev
Mar 25, 2025

itsdapi Apr 8, 2025
Author