Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

monorepo setups break when updating to vite 2.3.x #3347

Closed
lovasoa opened this issue May 11, 2021 · 2 comments
Closed

monorepo setups break when updating to vite 2.3.x #3347

lovasoa opened this issue May 11, 2021 · 2 comments
Labels
p3-minor-bug An edge case that only affects very specific usage (priority)

Comments

@lovasoa
Copy link
Contributor

lovasoa commented May 11, 2021

Describe the bug

All monorepo projects were accidentally broken while trying to fix an arbitrary file inclusion vulnerability in #3321

Reproduction

Create two folders:

  • root/frontend and root/mypackage
  • initialize an npm package in root/mypackage
  • initialize a vite project in root/frontend
  • in root/frontend, npm install ../mypackage
  • use mypackage in the project
  • serve the fontend project with vite

Logs

11:54:17 AM [vite] Internal server error: The request url "root/mypackage" is outside of vite dev server root "root/frontend". 
      For security concerns, accessing files outside of workspace root is restricted since Vite v2.3.x. 
      Refer to docs https://vitejs.dev/config/#server-fsserveroot for configurations and more details.
      at ensureServingAccess (/home/olojkine/dev/sizopt/frontend_patterm/node_modules/vite/dist/node/chunks/dep-c9ea388d.js:57841:15)
      at transformRequest (/home/olojkine/dev/sizopt/frontend_patterm/node_modules/vite/dist/node/chunks/dep-c9ea388d.js:57883:17)
      at processTicksAndRejections (internal/process/task_queues.js:93:5)
      at async viteTransformMiddleware (/home/olojkine/dev/sizopt/frontend_patterm/node_modules/vite/dist/node/chunks/dep-c9ea388d.js:58069:32)

See #3321 (comment)
@lovasoa lovasoa changed the title monorepo setupts break when updating to vite 2.3.x monorepo setups break when updating to vite 2.3.x May 11, 2021
@Shinigami92 Shinigami92 added the p3-minor-bug An edge case that only affects very specific usage (priority) label May 11, 2021
@lovasoa lovasoa mentioned this issue May 11, 2021
Closed
@Hawxy Hawxy mentioned this issue May 11, 2021
Closed
@lovasoa lovasoa mentioned this issue May 11, 2021
Merged
9 tasks
@arpowers
Copy link
Contributor

Have the same issue, in addition, SSR seems to trigger the problem when simply referencing the route.

Internal server error: The request url "/my/standard/route" is outside of vite dev server root ...

@meteorlxy meteorlxy mentioned this issue May 12, 2021
Closed
@patak-dev
Copy link
Member

This should be fixed in the latest version of Vite. See also https://vitejs.dev/config/#server-fs-allow with a config like

export default {
  server: {
    fs: {
      // Allow serving files from one level up to the project root
      allow: ['..']
    }
  }
}

in case the heuristic to detect the monorepo isn't working by default in your project.

@github-actions github-actions bot locked and limited conversation to collaborators Aug 15, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
p3-minor-bug An edge case that only affects very specific usage (priority)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@arpowers @lovasoa @patak-dev @Shinigami92 @nihalgonsalves