Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: fs serve only edit pathname (fixes #9148) #9173

Merged
merged 2 commits into from
Jul 18, 2022

Conversation

sapphi-red
Copy link
Member

@sapphi-red sapphi-red commented Jul 17, 2022

Description

I should have only encode/decode pathname and leave other parts as-is.
#9148 was happening because encodeURIComponent(decodeURIComponent('?')) is %3F.

fixes #9148
refs #8804

Additional context


What is the purpose of this pull request?

  • Bug fix
  • New Feature
  • Documentation update
  • Other

Before submitting the PR, please make sure you do the following

  • Read the Contributing Guidelines.
  • Read the Pull Request Guidelines and follow the Commit Convention.
  • Check that there isn't already a PR that solves the problem the same way to avoid creating a duplicate.
  • Provide a description in this PR that addresses what the PR is solving, or reference the issue that it solves (e.g. fixes #123).
  • Ideally, include relevant tests that fail without this PR but pass with it.

@sapphi-red sapphi-red added p3-minor-bug An edge case that only affects very specific usage (priority) regression The issue only appears after a new release labels Jul 17, 2022
// restrict files outside of `fs.allow`
if (
!ensureServingAccess(
slash(path.resolve(fsPathFromId(url))),
slash(path.resolve(fsPathFromId(pathname))),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A problem here is that vite allows direct access to files with ? in the middle. See

// if we fould postfix exist, we should first try resolving file with postfix. details see #4703.

So if we only check the pathname, we may not hit the correct entry in the safe list (moduleGraph.safeModulesPath). So looks like the full URL needs to be used for ensureServingAccess

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that that issue existed from before. sirv will only return /example when the request URL is /example?file.
So to fix this, IIUC we will need another middleware which does req.url = encodeURIComponent(decodeURI(req.url)) and calls sirv after that.

@patak-dev patak-dev merged commit 28cffc9 into vitejs:main Jul 18, 2022
@sapphi-red sapphi-red deleted the fix/fs-serve-only-edit-pathname branch July 18, 2022 11:38
@sapphi-red sapphi-red mentioned this pull request Apr 30, 2023
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
p3-minor-bug An edge case that only affects very specific usage (priority) regression The issue only appears after a new release
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Unable to load font files referenced in a node_modules CSS file
2 participants