Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: disable fsServe restrictions by default #3377

Merged
merged 2 commits into from
May 12, 2021
Merged

fix: disable fsServe restrictions by default #3377

merged 2 commits into from
May 12, 2021

Conversation

antfu
Copy link
Member

@antfu antfu commented May 12, 2021

Description

As discussions with the team, we decided to postpone the fsServe restrictions to v2.4.0 or later when we find the solutions to solve a few issues and make the logic more robust and well tested.

This PR adding a new options server.fsServe.strict and set the default to false, and disabling the restrictions by default. In the future versions of Vite, we will change server.fsServe.strict to true when the restrictions issue are resolved.

You can still opt-in this security change by

export default {
  server: {
    fsServe: {
      strict: true
    }
  }
}

Additional context

What is the purpose of this pull request?

  • Bug fix
  • New Feature
  • Documentation update
  • Other

Before submitting the PR, please make sure you do the following

  • Read the Contributing Guidelines.
  • Read the Pull Request Guidelines and follow the Commit Convention.
  • Check that there isn't already a PR that solves the problem the same way to avoid creating a duplicate.
  • Provide a description in this PR that addresses what the PR is solving, or reference the issue that it solves (e.g. fixes #123).
  • Ideally, include relevant tests that fail without this PR but pass with it.

@Shinigami92 Shinigami92 added p5-urgent Fix build-breaking bugs affecting most users, should be released ASAP (priority) security labels May 12, 2021
@antfu antfu merged commit 5433a65 into vitejs:main May 12, 2021
@antfu antfu deleted the fix/disable-fs-serve-restriction branch May 12, 2021 08:39
@antfu antfu mentioned this pull request May 12, 2021
Closed
fi3ework pushed a commit to fi3ework/vite that referenced this pull request May 22, 2021
@antfu @fi3ework
fix: disable fsServe restrictions by default (vitejs#3377)
71b2ec2
@patak-dev patak-dev mentioned this pull request May 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patak-dev patak-dev patak-dev approved these changes

@Shinigami92 Shinigami92 Shinigami92 approved these changes

@underfin underfin Awaiting requested review from underfin

Assignees
No one assigned
Labels
p5-urgent Fix build-breaking bugs affecting most users, should be released ASAP (priority) security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@antfu @patak-dev @Shinigami92