missing and has in middleware.ts

[madfcat]

Summary

Question

I am getting weird issue where my middleware config still shoots on the requests which have certain header.
Can you explain in details how missing and has work?

export const config = {
	matcher: [
		{
			source:
				"/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
			missing: [
				{
					type: "header",
					key: "Authorization",
					value: `Bearer ${process.env.INTERNAL_API_TOKEN}`,
				},
			],
		},
	],
};

The middleware should only run for non-static assets and at the same time not having certain value for Authorization header.

Additional information

No response

Example

No response

[gavacq]

Its likely because this matcher contains a variable which is not allowed. Next needs to be able to statically analyze the matcher: #38461

[Raymond-Ly]

If you want the middleware to run only if the request does NOT have the exact Authorization header, modify your matcher like this:

export const config = {
  matcher: [
    {
      source: "/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
      missing: [
        {
          type: "header",
          key: "Authorization",
        },
      ],
    },
    {
      source: "/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
      has: [
        {
          type: "header",
          key: "Authorization",
          value: `^(?!Bearer ${process.env.INTERNAL_API_TOKEN}).*`,
        },
      ],
    },
  ],
};

missing: Triggers the middleware if the Authorization header is completely absent.
has: Triggers the middleware if the Authorization header is present but has an incorrect value.