Update middleware combination example to prevent unintended backend execution

[tusharpandey13]

Overview

The existing documentation example in EXAMPLES.md for combining middleware advised copying all headers from the auth0.middleware response (authResponse) to the final response. This includes the x-middleware-next header, which Next.js uses as a signal to always forward the request to the backend application, regardless of the middleware's response status (e.g., 401 Unauthorized).

This behavior leads to a vulnerability where even if custom middleware logic correctly identifies an unauthenticated user and attempts to block the request with a 401 response, the presence of the copied x-middleware-next header causes Next.js to still execute the backend route handler. This could expose page data or allow unintended execution of backend logic for unauthenticated users.

Changes

This PR updates the EXAMPLES.md file to mitigate this issue:
Added a warning block and code sample.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.05%. Comparing base (c44432c) to head (bc9b5c1).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2076   +/-   ##
=======================================
  Coverage   82.05%   82.05%           
=======================================
  Files          21       21           
  Lines        1967     1967           
  Branches      343      343           
=======================================
  Hits         1614     1614           
  Misses        347      347           
  Partials        6        6           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.