Skip to content

Commit 91641c4

Browse files
patak-devpatak-dev
committed
fix: fs deny for case insensitive systems (#15653)
1 parent ef89f80 commit 91641c4

File tree

4 files changed

+33
-4
lines changed

4 files changed

+33
-4
lines changed

packages/vite/src/node/server/index.ts

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -617,7 +617,10 @@ export async function _createServer(
617617
_importGlobMap: new Map(),
618618
_forceOptimizeOnRestart: false,
619619
_pendingRequests: new Map(),
620-
_fsDenyGlob: picomatch(config.server.fs.deny, { matchBase: true }),
620+
_fsDenyGlob: picomatch(config.server.fs.deny, {
621+
matchBase: true,
622+
nocase: true,
623+
}),
621624
_shortcutsOptions: undefined,
622625
}
623626

playground/fs-serve/__tests__/base/fs-serve-base.spec.ts

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,13 @@ describe.runIf(isServe)('main', () => {
9292
})
9393

9494
test('denied', async () => {
95-
expect(await page.textContent('.unsafe-dotenv')).toBe('404')
95+
expect(await page.textContent('.unsafe-dotenv')).toBe('403')
96+
})
97+
98+
test('denied EnV casing', async () => {
99+
// It is 403 in case insensitive system, 404 in others
100+
const code = await page.textContent('.unsafe-dotEnV-casing')
101+
expect(code === '403' || code === '404').toBeTruthy()
96102
})
97103
})
98104

playground/fs-serve/__tests__/fs-serve.spec.ts

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,13 @@ describe.runIf(isServe)('main', () => {
9292
})
9393

9494
test('denied', async () => {
95-
expect(await page.textContent('.unsafe-dotenv')).toBe('404')
95+
expect(await page.textContent('.unsafe-dotenv')).toBe('403')
96+
})
97+
98+
test('denied EnV casing', async () => {
99+
// It is 403 in case insensitive system, 404 in others
100+
const code = await page.textContent('.unsafe-dotEnV-casing')
101+
expect(code === '403' || code === '404').toBeTruthy()
96102
})
97103
})
98104

playground/fs-serve/root/src/index.html

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@ <h2>Nested Entry</h2>
4545

4646
<h2>Denied</h2>
4747
<pre class="unsafe-dotenv"></pre>
48+
<pre class="unsafe-dotEnV-casing"></pre>
4849

4950
<script type="module">
5051
import '../../entry'
@@ -236,14 +237,27 @@ <h2>Denied</h2>
236237
})
237238

238239
// .env, denied by default
239-
fetch(joinUrlSegments(base, joinUrlSegments('/@fs/', ROOT) + '/root/.env'))
240+
fetch(
241+
joinUrlSegments(base, joinUrlSegments('/@fs/', ROOT) + '/root/src/.env'),
242+
)
240243
.then((r) => {
241244
text('.unsafe-dotenv', r.status)
242245
})
243246
.catch((e) => {
244247
console.error(e)
245248
})
246249

250+
// .env, for case insensitive file systems
251+
fetch(
252+
joinUrlSegments(base, joinUrlSegments('/@fs/', ROOT) + '/root/src/.EnV'),
253+
)
254+
.then((r) => {
255+
text('.unsafe-dotEnV-casing', r.status)
256+
})
257+
.catch((e) => {
258+
console.error(e)
259+
})
260+
247261
function text(sel, text) {
248262
document.querySelector(sel).textContent = text
249263
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy