Skip to content

Commit

Permalink
fix: fs deny for case insensitive systems (#15653)
Browse files Browse the repository at this point in the history
  • Loading branch information
patak-dev committed Jan 19, 2024
1 parent ef89f80 commit 91641c4
Show file tree
Hide file tree
Showing 4 changed files with 33 additions and 4 deletions.
5 changes: 4 additions & 1 deletion packages/vite/src/node/server/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -617,7 +617,10 @@ export async function _createServer(
_importGlobMap: new Map(),
_forceOptimizeOnRestart: false,
_pendingRequests: new Map(),
_fsDenyGlob: picomatch(config.server.fs.deny, { matchBase: true }),
_fsDenyGlob: picomatch(config.server.fs.deny, {
matchBase: true,
nocase: true,
}),
_shortcutsOptions: undefined,
}

Expand Down
8 changes: 7 additions & 1 deletion playground/fs-serve/__tests__/base/fs-serve-base.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,13 @@ describe.runIf(isServe)('main', () => {
})

test('denied', async () => {
expect(await page.textContent('.unsafe-dotenv')).toBe('404')
expect(await page.textContent('.unsafe-dotenv')).toBe('403')
})

test('denied EnV casing', async () => {
// It is 403 in case insensitive system, 404 in others
const code = await page.textContent('.unsafe-dotEnV-casing')
expect(code === '403' || code === '404').toBeTruthy()
})
})

Expand Down
8 changes: 7 additions & 1 deletion playground/fs-serve/__tests__/fs-serve.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,13 @@ describe.runIf(isServe)('main', () => {
})

test('denied', async () => {
expect(await page.textContent('.unsafe-dotenv')).toBe('404')
expect(await page.textContent('.unsafe-dotenv')).toBe('403')
})

test('denied EnV casing', async () => {
// It is 403 in case insensitive system, 404 in others
const code = await page.textContent('.unsafe-dotEnV-casing')
expect(code === '403' || code === '404').toBeTruthy()
})
})

Expand Down
16 changes: 15 additions & 1 deletion playground/fs-serve/root/src/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ <h2>Nested Entry</h2>

<h2>Denied</h2>
<pre class="unsafe-dotenv"></pre>
<pre class="unsafe-dotEnV-casing"></pre>

<script type="module">
import '../../entry'
Expand Down Expand Up @@ -236,14 +237,27 @@ <h2>Denied</h2>
})

// .env, denied by default
fetch(joinUrlSegments(base, joinUrlSegments('/@fs/', ROOT) + '/root/.env'))
fetch(
joinUrlSegments(base, joinUrlSegments('/@fs/', ROOT) + '/root/src/.env'),
)
.then((r) => {
text('.unsafe-dotenv', r.status)
})
.catch((e) => {
console.error(e)
})

// .env, for case insensitive file systems
fetch(
joinUrlSegments(base, joinUrlSegments('/@fs/', ROOT) + '/root/src/.EnV'),
)
.then((r) => {
text('.unsafe-dotEnV-casing', r.status)
})
.catch((e) => {
console.error(e)
})

function text(sel, text) {
document.querySelector(sel).textContent = text
}
Expand Down

0 comments on commit 91641c4

Please sign in to comment.