From 4afa16debe414e3d2dffad67a9d41437e8e8f2fb Mon Sep 17 00:00:00 2001 From: patak-js Date: Fri, 22 Oct 2021 12:22:54 +0200 Subject: [PATCH] fix: ensure working --- .../playground/fs-serve/__tests__/fs-serve.spec.ts | 4 ++-- packages/vite/src/node/server/middlewares/static.ts | 13 +++++-------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/packages/playground/fs-serve/__tests__/fs-serve.spec.ts b/packages/playground/fs-serve/__tests__/fs-serve.spec.ts index 49d0ffd0d57bf7..c3d8ee9a9bf911 100644 --- a/packages/playground/fs-serve/__tests__/fs-serve.spec.ts +++ b/packages/playground/fs-serve/__tests__/fs-serve.spec.ts @@ -24,8 +24,8 @@ describe('main', () => { }) test('unsafe fetch', async () => { - expect(await page.textContent('.unsafe-fetch')).toBe('') - expect(await page.textContent('.unsafe-fetch-status')).toBe('404') // TODO: should be 403 + expect(await page.textContent('.unsafe-fetch')).toMatch('403 Restricted') + expect(await page.textContent('.unsafe-fetch-status')).toBe('403') }) test('safe fs fetch', async () => { diff --git a/packages/vite/src/node/server/middlewares/static.ts b/packages/vite/src/node/server/middlewares/static.ts index f3dc8fe6fc3820..5a44a3d5303c7a 100644 --- a/packages/vite/src/node/server/middlewares/static.ts +++ b/packages/vite/src/node/server/middlewares/static.ts @@ -82,15 +82,12 @@ export function serveStaticMiddleware( } const resolvedUrl = redirected || url - const fileUrl = path.resolve( - dir, - resolvedUrl.startsWith('/') ? resolvedUrl.slice(1) : resolvedUrl - ) - // TODO: should use ensureServingAccess(fileUrl, server), so we get a 403 - if (!isFileServingAllowed(fileUrl, server)) { - return next() + let fileUrl = path.resolve(dir, resolvedUrl.replace(/^\//, '')) + if (resolvedUrl.endsWith('/') && !fileUrl.endsWith('/')) { + fileUrl = fileUrl + '/' } - + ensureServingAccess(fileUrl, server) + if (redirected) { req.url = redirected }