Skip to content

Commit

Permalink
fix: fs deny for case insensitive
Browse files Browse the repository at this point in the history
  • Loading branch information
patak-dev committed Jan 19, 2024
1 parent 494f36b commit a26c87d
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 3 deletions.
5 changes: 4 additions & 1 deletion packages/vite/src/node/server/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -452,7 +452,10 @@ export async function createServer(
_importGlobMap: new Map(),
_forceOptimizeOnRestart: false,
_pendingRequests: new Map(),
_fsDenyGlob: picomatch(config.server.fs.deny, { matchBase: true })
_fsDenyGlob: picomatch(config.server.fs.deny, {
matchBase: true,
nocase: true
})
}

server.transformIndexHtml = createDevHtmlTransformFn(server)
Expand Down
8 changes: 7 additions & 1 deletion playground/fs-serve/__tests__/fs-serve.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,13 @@ describe.runIf(isServe)('main', () => {
})

test('denied', async () => {
expect(await page.textContent('.unsafe-dotenv')).toBe('404')
expect(await page.textContent('.unsafe-dotenv')).toBe('403')
})

test('denied EnV casing', async () => {
// It is 403 in case insensitive system, 404 in others
const code = await page.textContent('.unsafe-dotEnV-casing')
expect(code === '403' || code === '404').toBeTruthy()
})
})

Expand Down
12 changes: 11 additions & 1 deletion playground/fs-serve/root/src/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ <h2>Nested Entry</h2>

<h2>Denied</h2>
<pre class="unsafe-dotenv"></pre>
<pre class="unsafe-dotEnV-casing"></pre>

<script type="module">
import '../../entry'
Expand Down Expand Up @@ -202,14 +203,23 @@ <h2>Denied</h2>
})

// .env, denied by default
fetch('/@fs/' + ROOT + '/root/.env')
fetch('/@fs/' + ROOT + '/root/src/.env')
.then((r) => {
text('.unsafe-dotenv', r.status)
})
.catch((e) => {
console.error(e)
})

// .env, for case insensitive file systems
fetch('/@fs/' + ROOT + '/root/src/.EnV')
.then((r) => {
text('.unsafe-dotEnV-casing', r.status)
})
.catch((e) => {
console.error(e)
})

function text(sel, text) {
document.querySelector(sel).textContent = text
}
Expand Down

0 comments on commit a26c87d

Please sign in to comment.