How are you?
I have a question regarding the Referer header. In a pentest analysis of my app in Next.js I was told that it allows a different Referer header to be passed than the allowed ones, for which I must implement a whitelist that does not allow access to resources if the Referer header is different.
I leave an image of the observation
Do you know how I could implement this validation in Next.js?
I would ask that you front your app with a layer rather than implementing referrer whitelisting in Next.js; you could use a CDN or an Nginx proxy.
If these are not options, then you could build a custom Next.js server (https://nextjs.org/docs/advanced-features/custom-server) and then look at the req object to make your responses conditional, i.e. send a 403 page.
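As an added example (not code from the original question or answer, and not Next.js's own API), here is what the custom-server approach looks like in plain Node: a guard that parses the Referer header with the URL constructor and compares the hostname against an allowlist by exact match, then returns 403 on guarded paths when the check fails. The allowlist hosts, the guarded prefix and the wiring into `next()`/`getRequestHandler()` are assumptions for illustration; the Next.js wiring is left as a comment so the file runs without the framework installed. Exact hostname comparison matters because a substring check ("contains example.com") accepts referrers such as example.com.attacker.test, and parsing with URL also neutralises userinfo tricks like https://example.com@attacker.test/.

```javascript
// Added example: Referer allowlist guard for a custom Next.js server.
// Not part of the original post; hostnames and prefix below are hypothetical.

// Allowlist of hostnames (not substrings, not full URLs).
const ALLOWED_REFERER_HOSTS = new Set(['example.com', 'www.example.com']);

// Returns true only when the Referer header parses as an http(s) URL whose
// hostname is in the allowlist. Missing or unparseable values fail closed,
// which is what the finding asks for ("different referrer must not reach resources").
function isRefererAllowed(refererHeader, allowedHosts = ALLOWED_REFERER_HOSTS) {
  if (typeof refererHeader !== 'string' || refererHeader.length === 0) return false;
  let url;
  try {
    url = new URL(refererHeader);            // throws on relative or garbage values
  } catch (e) {
    return false;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  // URL already lowercases the host; compare the exact hostname, never a substring.
  return allowedHosts.has(url.hostname);
}

// Wraps a (req, res) handler: requests under guardedPrefix are served only when
// the Referer passes; otherwise a bare 403 is sent and 403 is returned so the
// decision can be observed by the caller (and by the test below).
function withRefererGuard(handler, options = {}) {
  const allowedHosts = options.allowedHosts || ALLOWED_REFERER_HOSTS;
  const guardedPrefix = options.guardedPrefix || '/api/';
  return function guarded(req, res) {
    const path = req.url || '/';
    if (path.startsWith(guardedPrefix) && !isRefererAllowed(req.headers.referer, allowedHosts)) {
      res.statusCode = 403;
      res.setHeader('Content-Type', 'text/plain');
      res.end('Forbidden');
      return 403;
    }
    return handler(req, res);
  };
}

// Custom-server wiring from the linked Next.js docs, shown as a comment so this
// file has no dependency on the `next` package:
//   const http = require('http');
//   const next = require('next');
//   const app = next({ dev: process.env.NODE_ENV !== 'production' });
//   const handle = app.getRequestHandler();
//   app.prepare().then(() => {
//     http.createServer(withRefererGuard((req, res) => handle(req, res))).listen(3000);
//   });
```

Two practical caveats when applying this: Referer is set by the client, so the guard raises the bar for casual cross-origin use but is not a substitute for authentication or CSRF tokens on state-changing endpoints; and browsers honouring a strict Referrer-Policy (or privacy extensions) may omit the header entirely, so decide whether a missing Referer should be rejected, as here, or only logged, and make sure the guarded prefix excludes the pages users land on directly.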