I am encountering an error related to the OWASP Core Rule Set (CRS) when working with the next-auth library for authentication in my application. The error message is as follows:
Signature: owasp-crs-v030301-id942421-sqli
Description: Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)
I believe this issue is related to the next-auth.callback-url, which is set to http%3A%2F%2Flocalhost%2F. The encoded URL seems to be triggering the SQL character anomaly detection rules in OWASP CRS.
Context
- Framework: Next.js
- Authentication Library: next-auth
How can I properly configure my application to avoid this false positive detection by OWASP CRS while still using the next-auth callback URL?
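One way to handle this on the WAF side, as an added example that is not part of the question above: exclude only the next-auth callback-URL cookie from rule 942421 instead of disabling the rule. The snippet assumes ModSecurity 2.x with OWASP CRS 3.3.x loaded in the standard order (crs-setup.conf, then the rules/*.conf files) and next-auth's default cookie names; the file name and cookie names are assumptions drawn from the question and from next-auth's defaults, so check them against your deployment.

```apache
# Added example, not code from the question or from the CRS project.
# Assumes ModSecurity 2.x + OWASP CRS 3.3.x and next-auth's default cookie names.
# Put this in rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf: it must load
# after the CRS rule files, because SecRuleUpdateTargetById edits a rule that
# has to exist already.

# Remove the callback-URL cookie from the targets of rule 942421 only.
# All other cookies and all cookie names are still inspected by the rule.
SecRuleUpdateTargetById 942421 "!REQUEST_COOKIES:next-auth.callback-url"

# Over HTTPS next-auth prefixes the cookie name with __Secure-, so the
# percent-encoded value arrives under that name instead; exclude it as well.
SecRuleUpdateTargetById 942421 "!REQUEST_COOKIES:__Secure-next-auth.callback-url"
```

After reloading the web server, verify the exclusion with a request that carries the cookie, for example `curl -v --cookie 'next-auth.callback-url=http%3A%2F%2Flocalhost%2F' https://your-host/`, and confirm that the ModSecurity audit log no longer records id 942421 for it. Two caveats: the cookie is sent on every request to the site, so a path-scoped exclusion (for example one limited to the auth endpoints) would still leave the rule firing elsewhere; and in CRS 3.3 rule 942421 is tagged paranoia-level/3, so if you are running at paranoia level 3 unintentionally, lowering `tx.paranoia_level` in crs-setup.conf is the broader fix, at the cost of the other PL3 checks.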