Malformed URLs crash the entire app with a 500 Error

[cmaerz]

Description

When I use a malformed URL like /soga/ibiza% the app crashed with a

 Error [URIError]: URI malformed
    at decodeURI (<anonymous>)
    at middleware (webpack-internal:///(middleware)/./node_modules/next-intl/dist/development/middleware/middleware.js:24:36)
    at Object.middleware$1 (webpack-internal:///(middleware)/./src/middleware.ts:66:12)

I worked it around with the following portion in middleware.ts

try {
    decodeURI(req.nextUrl.pathname);
  } catch (e) {
    return new Response(new Blob(), { status: 404 });
  }

It also reproducible on the demo Repos :D

Verifications

• [X] I've verified that the problem I'm experiencing isn't covered in the docs.
• [X] I've searched for similar, existing issues on GitHub and Stack Overflow.
• [X] I've compared my app to a working example to look for differences.

Mandatory reproduction URL

https://next-intl-bug-repro-app-router.vercel.app/en/asdafa%

Reproduction description

Steps to reproduce:

1. Enter a Url Like /en/ibiza%
2. See the Error

Expected behaviour

Returns a 404, like NextJS normally does.

[amannn]

Thanks for the report! After some local testing I found that Next.js might also return a 400 status code, maybe depending on if you have a segment like /[locale] where it tries to extract a segment from the pathname.

I've set up https://github.com/amannn/next-intl/pull/1353/ where the invalid request is simply forwarded, letting Next.js handle it. As far as I can tell, in invalid pathname never reaches the app, but is caught by the error handling of Next.js at some level.

Does that sound reasonable to you?

[cmaerz]

Sounds good! Thanks!

Schöne Grüße in die Berge :)

[amannn]

Will be out in a minute, schöne Grüße retour! 😄