From fc3fb6baa179201c8ac20f4313ff97ee55482bd8 Mon Sep 17 00:00:00 2001
From: Steven <steven@ceriously.com>
Date: Sat, 26 Jul 2025 11:06:28 -0400
Subject: [PATCH 1/2] fix(next/image): add failing test

---
 .../app/pages/api/conditional-cookie.js               | 11 +++++++++++
 test/integration/image-optimizer/test/util.ts         |  7 +++++++
 2 files changed, 18 insertions(+)
 create mode 100644 test/integration/image-optimizer/app/pages/api/conditional-cookie.js

diff --git a/test/integration/image-optimizer/app/pages/api/conditional-cookie.js b/test/integration/image-optimizer/app/pages/api/conditional-cookie.js
new file mode 100644
index 0000000000000..f67ce6872504c
--- /dev/null
+++ b/test/integration/image-optimizer/app/pages/api/conditional-cookie.js
@@ -0,0 +1,11 @@
+const pixel =
+  'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPj/HwADBwIAMCbHYQAAAABJRU5ErkJggg=='
+
+export default function handler(req, res) {
+  if (req.headers['cookie']) {
+    res.setHeader('content-type', 'image/png')
+    res.end(Buffer.from(pixel, 'base64'))
+  } else {
+    res.status(401).end('cookie was not found')
+  }
+}
diff --git a/test/integration/image-optimizer/test/util.ts b/test/integration/image-optimizer/test/util.ts
index 2a8c43431e4fb..559222a5398ef 100644
--- a/test/integration/image-optimizer/test/util.ts
+++ b/test/integration/image-optimizer/test/util.ts
@@ -308,6 +308,13 @@ export function runTests(ctx: RunTestsCtx) {
     expect(ctx.nextOutput).toContain(animatedWarnText)
   })
 
+  it('should not forward cookie header', async () => {
+    const query = { w: ctx.w, q: 30, url: '/api/conditional-cookie' }
+    const opts = { headers: { accept: 'image/webp', cookie: '1' } }
+    const res = await fetchViaHTTP(ctx.appPort, '/_next/image', query, opts)
+    expect(res.status).toBe(400)
+  })
+
   if (ctx.nextConfigImages?.dangerouslyAllowSVG) {
     it('should maintain vector svg', async () => {
       const query = { w: ctx.w, q: 90, url: '/test.svg' }

From 00bac067d423fee72a89ad6f6e966a40d7ecde5e Mon Sep 17 00:00:00 2001
From: Steven <steven@ceriously.com>
Date: Sat, 26 Jul 2025 11:07:33 -0400
Subject: [PATCH 2/2] fix(next/image): fix image-optimizer.ts

---
 packages/next/src/server/image-optimizer.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/packages/next/src/server/image-optimizer.ts b/packages/next/src/server/image-optimizer.ts
index aef6ed227f879..0b69e5b3fdd8b 100644
--- a/packages/next/src/server/image-optimizer.ts
+++ b/packages/next/src/server/image-optimizer.ts
@@ -634,7 +634,6 @@ export async function fetchInternalImage(
     const mocked = createRequestResponseMocks({
       url: href,
       method: _req.method || 'GET',
-      headers: _req.headers,
       socket: _req.socket,
     })