Skip to content

Commit

Permalink
fix: revert to workaround
Browse files Browse the repository at this point in the history
  • Loading branch information
@patak-dev
patak-dev committed Oct 22, 2021
1 parent d2ef1bc commit 16cf302
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 14 deletions.
2 changes: 1 addition & 1 deletion packages/playground/fs-serve/__tests__/fs-serve.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ describe('main', () => {

test('unsafe fetch', async () => {
expect(await page.textContent('.unsafe-fetch')).toBe('')
expect(await page.textContent('.unsafe-fetch-status')).toBe('403')
expect(await page.textContent('.unsafe-fetch-status')).toBe('404') // TODO: should be 403
})

test('safe fs fetch', async () => {
Expand Down
23 changes: 10 additions & 13 deletions packages/vite/src/node/server/middlewares/static.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,12 +82,13 @@ export function serveStaticMiddleware(
}

const resolvedUrl = redirected || url
const fileUrl = path.resolve(dir, resolvedUrl.startsWith('/') ? resolvedUrl.slice(1) : resolvedUrl)
const fileUrl = path.resolve(
dir,
resolvedUrl.startsWith('/') ? resolvedUrl.slice(1) : resolvedUrl
)
// TODO: should use ensureServingAccess(fileUrl, server), so we get a 403
if (!isFileServingAllowed(fileUrl, server)) {
res.statusCode = 403
res.write(renderErrorHTML(fsServeErrorMessage(fileUrl, server)))
res.end()
return
return next()
}

if (redirected) {
Expand Down Expand Up @@ -151,17 +152,13 @@ export function isFileServingAllowed(
return false
}

function fsServeErrorMessage(url: string, server: ViteDevServer) {
export function ensureServingAccess(url: string, server: ViteDevServer): void {
const allow = server.config.server.fs.allow
return `The request url "${url}" is outside of Vite serving allow list:
if (!isFileServingAllowed(url, server)) {
throw new AccessRestrictedError(`The request url "${url}" is outside of Vite serving allow list:
${allow.map((i) => `- ${i}`).join('\n')}
Refer to docs https://vitejs.dev/config/#server-fs-allow for configurations and more details.`
}

export function ensureServingAccess(url: string, server: ViteDevServer): void {
if (!isFileServingAllowed(url, server)) {
throw new AccessRestrictedError(fsServeErrorMessage(url, server))
Refer to docs https://vitejs.dev/config/#server-fs-allow for configurations and more details.`)
}
}

0 comments on commit 16cf302

Please sign in to comment.