From 91641c4da0a011d4c5352e88fc68389d4e1289a5 Mon Sep 17 00:00:00 2001 From: patak Date: Fri, 19 Jan 2024 14:02:51 +0100 Subject: [PATCH] fix: fs deny for case insensitive systems (#15653) --- packages/vite/src/node/server/index.ts | 5 ++++- .../__tests__/base/fs-serve-base.spec.ts | 8 +++++++- playground/fs-serve/__tests__/fs-serve.spec.ts | 8 +++++++- playground/fs-serve/root/src/index.html | 16 +++++++++++++++- 4 files changed, 33 insertions(+), 4 deletions(-) diff --git a/packages/vite/src/node/server/index.ts b/packages/vite/src/node/server/index.ts index bec44dafb25910..eb34efa3dd4b99 100644 --- a/packages/vite/src/node/server/index.ts +++ b/packages/vite/src/node/server/index.ts @@ -617,7 +617,10 @@ export async function _createServer( _importGlobMap: new Map(), _forceOptimizeOnRestart: false, _pendingRequests: new Map(), - _fsDenyGlob: picomatch(config.server.fs.deny, { matchBase: true }), + _fsDenyGlob: picomatch(config.server.fs.deny, { + matchBase: true, + nocase: true, + }), _shortcutsOptions: undefined, } diff --git a/playground/fs-serve/__tests__/base/fs-serve-base.spec.ts b/playground/fs-serve/__tests__/base/fs-serve-base.spec.ts index 4660fafcc8031f..51e87ccd3b57cf 100644 --- a/playground/fs-serve/__tests__/base/fs-serve-base.spec.ts +++ b/playground/fs-serve/__tests__/base/fs-serve-base.spec.ts @@ -92,7 +92,13 @@ describe.runIf(isServe)('main', () => { }) test('denied', async () => { - expect(await page.textContent('.unsafe-dotenv')).toBe('404') + expect(await page.textContent('.unsafe-dotenv')).toBe('403') + }) + + test('denied EnV casing', async () => { + // It is 403 in case insensitive system, 404 in others + const code = await page.textContent('.unsafe-dotEnV-casing') + expect(code === '403' || code === '404').toBeTruthy() }) }) diff --git a/playground/fs-serve/__tests__/fs-serve.spec.ts b/playground/fs-serve/__tests__/fs-serve.spec.ts index 86e030326ea420..9d9d4c6ec80e54 100644 --- a/playground/fs-serve/__tests__/fs-serve.spec.ts +++ b/playground/fs-serve/__tests__/fs-serve.spec.ts @@ -92,7 +92,13 @@ describe.runIf(isServe)('main', () => { }) test('denied', async () => { - expect(await page.textContent('.unsafe-dotenv')).toBe('404') + expect(await page.textContent('.unsafe-dotenv')).toBe('403') + }) + + test('denied EnV casing', async () => { + // It is 403 in case insensitive system, 404 in others + const code = await page.textContent('.unsafe-dotEnV-casing') + expect(code === '403' || code === '404').toBeTruthy() }) }) diff --git a/playground/fs-serve/root/src/index.html b/playground/fs-serve/root/src/index.html index 5de6804a7658de..06bee3f8671949 100644 --- a/playground/fs-serve/root/src/index.html +++ b/playground/fs-serve/root/src/index.html @@ -45,6 +45,7 @@

Nested Entry

Denied


+