Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: skip fs fallback for out of root urls, fix #3364 #3431

Merged
merged 1 commit into from May 17, 2021
Merged

fix: skip fs fallback for out of root urls, fix #3364 #3431

merged 1 commit into from May 17, 2021

Conversation

patak-dev
Copy link
Member

Description

Fix #3364, and other issues reported that were trying to access /service-worker.js.

This PR reworks the fs fallback check and skips it instead of failing with a security error if the URL results in a file access that is not allowed (ie out of workspace root for the moment, but later it could mean that it is present in a blocklist).

This change only applies when the user sets server.fsServe.strict to true

Additional context

The isFileAccessAllowed function may later contain more logic related to whitelist/blocklist so it is good that is already separated.

What is the purpose of this pull request?

  • Bug fix
  • New Feature
  • Documentation update
  • Other

Before submitting the PR, please make sure you do the following

  • Read the Contributing Guidelines.
  • Read the Pull Request Guidelines and follow the Commit Convention.
  • Check that there isn't already a PR that solves the problem the same way to avoid creating a duplicate.
  • Provide a description in this PR that addresses what the PR is solving, or reference the issue that it solves (e.g. fixes #123).
  • Ideally, include relevant tests that fail without this PR but pass with it.

@patak-dev patak-dev requested review from antfu and underfin May 15, 2021 06:15
@Shinigami92 Shinigami92 added the p3-minor-bug An edge case that only affects very specific usage (priority) label May 15, 2021
@antfu antfu merged commit 19dae99 into vitejs:main May 17, 2021
fi3ework pushed a commit to fi3ework/vite that referenced this pull request May 22, 2021
@patak-dev @fi3ework
fix: skip fs fallback for out of root urls, fix vitejs#3364 (vitejs#3431
14276e4 
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sodatea sodatea sodatea approved these changes

@Shinigami92 Shinigami92 Shinigami92 approved these changes

@antfu antfu antfu approved these changes

@underfin underfin Awaiting requested review from underfin

Assignees
No one assigned
Labels
p3-minor-bug An edge case that only affects very specific usage (priority)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The request url "/api/cv" is outside of vite dev server root
4 participants
@patak-dev @sodatea @Shinigami92 @antfu