VIBECODED fix voor #164 (#181)

This pull request makes minor adjustments to improve file handling and
security checks in the codebase. The changes focus on updating file
extension matching and expanding the list of blocked redirect paths.

Improvements to file handling:

* Updated the file extension matching in `src/proxy.ts` to include
`.json` files, ensuring that requests for JSON files are properly
handled or filtered.

Security enhancements:

* Added `/manifest.json` to the list of blocked redirect paths in
`src/utils/auth/redirect.ts` to prevent potential security issues with
redirects to this file.

Author: seanscodes

src/proxy.ts

@@ -12,7 +12,9 @@ export async function proxy(request: NextRequest) {
     pathname.startsWith("/_next") ||
     // pathname.startsWith("/api") ||
     pathname === "/favicon.ico" ||
-    /\.(css|js|ts|tsx|jsx|woff2?|ttf|png|jpg|jpeg|gif|svg|webmanifest)$/.test(pathname) ||
+    // AI CODE START
+    /\.(css|js|ts|tsx|jsx|woff2?|ttf|png|jpg|jpeg|gif|svg|webmanifest|json)$/.test(pathname) ||
+    // AI CODE END
     request.headers.get("purpose") === "prefetch" ||
     request.headers.get("Next-Router-Prefetch") === "1" ||
     request.headers.get("RSC") === "1" ||

src/utils/auth/redirect.ts

@@ -27,7 +27,9 @@ export function getValidRedirectPath(path: string | null | undefined): string {
     }
 
     // Blacklist certain paths for security
-    const blockedPaths = ['/api/', '/auth/sign-out'];
+    // AI CODE START
+    const blockedPaths = ['/api/', '/auth/sign-out', '/manifest.json'];
+    // AI CODE END
     if (blockedPaths.some(blocked => path.startsWith(blocked))) {
         return defaultPath;
     }