From dcf88ed01df2c26e0c93a41e1a2a840076d8247e Mon Sep 17 00:00:00 2001 From: GatsbyJS Bot Date: Wed, 29 Mar 2023 07:45:09 -0400 Subject: [PATCH] fix(gatsby-plugin-sharp): don't serve static assets that are not result of currently triggered deferred job (#37796) (#37802) * fix(gatsby-plugin-sharp): don't serve static assets that are not result of currently triggered deferred job (#37796) * add tests * fix(gatsby-plugin-sharp): don't serve static assets that are not result of currently triggered deferred job (cherry picked from commit 6539860a588e3cdd17b77e7bcd98d61cbf1e2d20) * ignore browserlist update prompt * fix ignore --------- Co-authored-by: Michal Piechowiak --- e2e-tests/development-runtime/SHOULD_NOT_SERVE | 1 + e2e-tests/development-runtime/package.json | 5 +++-- e2e-tests/production-runtime/SHOULD_NOT_SERVE | 1 + e2e-tests/production-runtime/package.json | 3 ++- packages/gatsby-plugin-sharp/src/gatsby-node.js | 12 ++++++++---- packages/gatsby-plugin-sharp/src/index.js | 2 +- .../gatsby/cache-dir/__tests__/minimal-config.js | 9 +++++++++ 7 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 e2e-tests/development-runtime/SHOULD_NOT_SERVE create mode 100644 e2e-tests/production-runtime/SHOULD_NOT_SERVE diff --git a/e2e-tests/development-runtime/SHOULD_NOT_SERVE b/e2e-tests/development-runtime/SHOULD_NOT_SERVE new file mode 100644 index 0000000000000..73068df3213cb --- /dev/null +++ b/e2e-tests/development-runtime/SHOULD_NOT_SERVE @@ -0,0 +1 @@ +this file shouldn't be allowed to be served diff --git a/e2e-tests/development-runtime/package.json b/e2e-tests/development-runtime/package.json index 41a221ee0cf77..2a496349ce57b 100644 --- a/e2e-tests/development-runtime/package.json +++ b/e2e-tests/development-runtime/package.json @@ -32,7 +32,7 @@ "license": "MIT", "scripts": { "build": "gatsby build", - "develop": "cross-env CYPRESS_SUPPORT=y ENABLE_GATSBY_REFRESH_ENDPOINT=true GATSBY_EXPERIMENTAL_QUERY_ON_DEMAND=y gatsby develop", + "develop": "cross-env CYPRESS_SUPPORT=y ENABLE_GATSBY_REFRESH_ENDPOINT=true GATSBY_EXPERIMENTAL_QUERY_ON_DEMAND=y GATSBY_ENABLE_LAZY_IMAGES_IN_CI=y gatsby develop", "serve-static-files": "node ./serve-static-files.mjs", "serve": "gatsby serve", "clean": "gatsby clean", @@ -40,6 +40,7 @@ "start": "npm run develop", "format": "prettier --write \"src/**/*.js\"", "test": "npm run start-server-and-test || (npm run reset && exit 1)", + "test:dir-traversel-access": "! curl -f http://localhost:8000/%2e%2e/SHOULD_NOT_SERVE", "posttest": "npm run reset", "reset": "node scripts/reset.js", "reset:preview": "curl -X POST http://localhost:8000/__refresh", @@ -55,7 +56,7 @@ "playwright:debug": "playwright test --project=chromium --debug", "start-server-and-test:playwright": "start-server-and-test develop http://localhost:8000 serve-static-files http://localhost:8888 playwright", "start-server-and-test:playwright-debug": "start-server-and-test develop http://localhost:8000 serve-static-files http://localhost:8888 playwright:debug", - "combined": "npm run playwright && npm run cy:run", + "combined": "npm run playwright && npm run cy:run && npm run test:dir-traversel-access", "postinstall": "playwright install chromium" }, "devDependencies": { diff --git a/e2e-tests/production-runtime/SHOULD_NOT_SERVE b/e2e-tests/production-runtime/SHOULD_NOT_SERVE new file mode 100644 index 0000000000000..73068df3213cb --- /dev/null +++ b/e2e-tests/production-runtime/SHOULD_NOT_SERVE @@ -0,0 +1 @@ +this file shouldn't be allowed to be served diff --git a/e2e-tests/production-runtime/package.json b/e2e-tests/production-runtime/package.json index 96e03afd7fc4f..09cfba3a0dcb9 100644 --- a/e2e-tests/production-runtime/package.json +++ b/e2e-tests/production-runtime/package.json @@ -36,6 +36,7 @@ "start": "npm run develop", "clean": "gatsby clean", "test": "npm run build && npm run start-server-and-test && npm run test-env-vars", + "test:dir-traversel-access": "! curl -f http://localhost:9000/%2e%2e/SHOULD_NOT_SERVE", "test:offline": "npm run build:offline && yarn start-server-and-test:offline && npm run test-env-vars", "test-env-vars": " node __tests__/env-vars.js", "start-server-and-test": "start-server-and-test serve http://localhost:9000 serve-static-files http://localhost:8888 combined", @@ -51,7 +52,7 @@ "playwright:debug": "playwright test --project=chromium --debug", "start-server-and-test:playwright": "start-server-and-test serve http://localhost:9000 serve-static-files http://localhost:8888 playwright", "start-server-and-test:playwright-debug": "start-server-and-test serve http://localhost:9000 serve-static-files http://localhost:8888 playwright:debug", - "combined": "npm run playwright && npm run cy:run", + "combined": "npm run playwright && npm run cy:run && npm run test:dir-traversel-access", "postinstall": "playwright install chromium" }, "devDependencies": { diff --git a/packages/gatsby-plugin-sharp/src/gatsby-node.js b/packages/gatsby-plugin-sharp/src/gatsby-node.js index 29a5165686b1e..a51eadacc9271 100644 --- a/packages/gatsby-plugin-sharp/src/gatsby-node.js +++ b/packages/gatsby-plugin-sharp/src/gatsby-node.js @@ -33,16 +33,17 @@ exports.onCreateDevServer = async ({ app, cache, reporter }) => { const decodedURI = decodeURIComponent(req.path) const pathOnDisk = path.resolve(path.join(`./public/`, decodedURI)) - if (await pathExists(pathOnDisk)) { - return res.sendFile(pathOnDisk) - } - const jobContentDigest = await cache.get(decodedURI) const cacheResult = jobContentDigest ? await cache.get(jobContentDigest) : null if (!cacheResult) { + // this handler is meant to handle lazy images only (images that were registered for + // processing, but deffered to be processed only on request in develop server). + // If we don't have cache result - it means that this is not lazy image or that + // image was already handled in which case `express.static` handler (that is earlier + // than this handler) should take care of handling request. return next() } @@ -64,6 +65,9 @@ exports.onCreateDevServer = async ({ app, cache, reporter }) => { await removeCachedValue(cache, jobContentDigest) } + // we reach this point only when this is a lazy image that we just processed + // because `express.static` is earlier handler, we do have to manually serve + // produced file for current request return res.sendFile(pathOnDisk) }) } diff --git a/packages/gatsby-plugin-sharp/src/index.js b/packages/gatsby-plugin-sharp/src/index.js index c1fef34709bbc..d7e34c1484d2a 100644 --- a/packages/gatsby-plugin-sharp/src/index.js +++ b/packages/gatsby-plugin-sharp/src/index.js @@ -149,7 +149,7 @@ function createJob(job, { reporter }) { function lazyJobsEnabled() { return ( process.env.gatsby_executing_command === `develop` && - !isCI() && + (!isCI() || process.env.GATSBY_ENABLE_LAZY_IMAGES_IN_CI) && !( process.env.ENABLE_GATSBY_EXTERNAL_JOBS === `true` || process.env.ENABLE_GATSBY_EXTERNAL_JOBS === `1` diff --git a/packages/gatsby/cache-dir/__tests__/minimal-config.js b/packages/gatsby/cache-dir/__tests__/minimal-config.js index bb147b5b49f82..c319bc57ac4a9 100644 --- a/packages/gatsby/cache-dir/__tests__/minimal-config.js +++ b/packages/gatsby/cache-dir/__tests__/minimal-config.js @@ -25,6 +25,15 @@ it(`Builds cache-dir with minimal config`, done => { }) spawn.on(`close`, function () { + stderr = stderr + .replace(`Browserslist: caniuse-lite is outdated. Please run:`, ``) + .replace(`npx update-browserslist-db@latest`, ``) + .replace( + `Why you should do it regularly: https://github.com/browserslist/update-db#readme`, + `` + ) + .trim() + expect(stderr).toEqual(``) expect(stdout).not.toEqual(``) done()