[backport v14]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82178)

Backports:
- #82114

Co-authored-by: Steven <[email protected]>

Author: ztanner

packages/next/src/server/image-optimizer.ts

@@ -594,7 +594,6 @@ export async function fetchInternalImage(
     const mocked = createRequestResponseMocks({
       url: href,
       method: _req.method || 'GET',
-      headers: _req.headers,
       socket: _req.socket,
     })
 

test/integration/image-optimizer/app/pages/api/conditional-cookie.js

@@ -0,0 +1,11 @@
+const pixel =
+  'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPj/HwADBwIAMCbHYQAAAABJRU5ErkJggg=='
+
+export default function handler(req, res) {
+  if (req.headers['cookie']) {
+    res.setHeader('content-type', 'image/png')
+    res.end(Buffer.from(pixel, 'base64'))
+  } else {
+    res.status(401).end('cookie was not found')
+  }
+}

test/integration/image-optimizer/test/util.ts

@@ -264,6 +264,13 @@ export function runTests(ctx) {
     expect(ctx.nextOutput).toContain(animatedWarnText)
   })
 
+  it('should not forward cookie header', async () => {
+    const query = { w: ctx.w, q: 30, url: '/api/conditional-cookie' }
+    const opts = { headers: { accept: 'image/webp', cookie: '1' } }
+    const res = await fetchViaHTTP(ctx.appPort, '/_next/image', query, opts)
+    expect(res.status).toBe(400)
+  })
+
   if (ctx.dangerouslyAllowSVG) {
     it('should maintain vector svg', async () => {
       const query = { w: ctx.w, q: 90, url: '/test.svg' }