What?

This PR adds a new secure option to the rewrites configuration, specifically for external rewrites (those with destination starting with http:// or https://). This option allows developers to control whether the proxy should verify SSL certificates when proxying requests to external destinations.

Why?

This change addresses a long-standing issue where Next.js users couldn't proxy to servers with self-signed certificates in development environments. The original issue #48117 and subsequent discussion #49546 highlight this need, where developers working with local development servers using self-signed certificates were unable to use Next.js's rewrite functionality.

How?

1. Added a new secure field to the Rewrite type in multiple locations:

   • next-core/src/next_config.rs
   • packages/next/src/lib/load-custom-routes.ts
   • packages/next/src/server/config-schema.ts

2. Updated the proxy request handling to respect this option:

   • Modified proxyRequest function to accept the secure parameter
   • Updated route resolution to pass through the secure option
   • Added proper type definitions and schema validation

3. Added comprehensive documentation:

   • Updated the rewrites documentation with the new option
   • Added examples showing both secure and insecure configurations
   • Clarified that this option only applies to external rewrites

Example Usage

// next.config.js
module.exports = {
  async rewrites() {
    return [
      {
        source: '/api/:path*',
        destination: 'https://localhost:3001/:path*',
        secure: false, // Allow proxying to self-signed cert
      },
    ]
  },
}

Fixes #48117
Fixes #49546