response.sendfile() fails with Error: Forbidden with path includes a symlink #1465
Comments
That error comes from the path containing res.sendfile(path, {'root': '/path/to/root/directory'}); The root option should be the directory you want to serve the files from. It is intended to prevent the path from containing things like
are you saying that it explicitly prevents you from using .. in any case?
Yes,
yeah if you're not restricting with a root dir it's a potential security issue. You can resolve() to absolute paths to get around that but if you're accepting user input in those cases that's still a flaw, but if you're not then no big deal!
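A root-confinement check of the kind the comments above describe, as an added example that is not part of the original thread and is not Express or send code. `isInside`, `resolveUnderRoot` and the `checkSymlinks` option are hypothetical names; the check goes beyond the `..` case to cover a symlink inside the root that points outside it.

```javascript
const fs = require('node:fs');
const path = require('node:path');

// True when absolute path `child` is strictly inside absolute path `parent`.
function isInside(parent, child) {
  const rel = path.relative(parent, child);
  return rel !== '' && rel !== '..' &&
    !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Resolve a user-supplied path against `root`.
// Returns an absolute file path, or null when the request escapes the root.
function resolveUnderRoot(root, requested, { checkSymlinks = true } = {}) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;

  const absRoot = path.resolve(root);
  // Prefix with "./" so a leading "/" in the request cannot replace the root.
  const candidate = path.resolve(absRoot, '.' + path.sep + requested);

  // Lexical check: rejects any ".." sequence that climbs above the root.
  if (!isInside(absRoot, candidate)) return null;
  if (!checkSymlinks) return candidate;

  try {
    // Physical check: compare the real locations after following symlinks.
    const realRoot = fs.realpathSync(absRoot);
    const realFile = fs.realpathSync(candidate);
    return isInside(realRoot, realFile) ? realFile : null;
  } catch {
    return null; // file does not exist or cannot be read
  }
}
```
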
... see stuff like... expressjs/express#1465 (comment) (linked from...) https://stackoverflow.com/q/13337288/1028230
Done these things but it's not working, but the same code works on another system. What will be the fault or permissions I am missing?
here's the stack:
Error: Forbidden
at SendStream.error (/Users/jlage/Development/web/server/bootstrap/node_modules/express/node_modules/send/lib/send.js:145:16)
at SendStream.pipe (/Users/jlage/Development/web/server/bootstrap/node_modules/express/node_modules/send/lib/send.js:307:39)
at ServerResponse.res.sendfile (/Users/jlage/Development/web/server/bootstrap/node_modules/express/lib/response.js:336:8)
at module.exports.load_funds_list (/Users/jlage/Development/web/amber/controllers/ref-data.js:23:12)
at Object.oncomplete (fs.js:297:15)