-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(importAnalysis): strip url base before passing as safeModulePaths (…
…#13712) Co-authored-by: Ben McCann <[email protected]> Co-authored-by: sapphi-red <[email protected]>
- Loading branch information
1 parent
66f522c
commit 1ab06a8
Showing
6 changed files
with
204 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
104 changes: 104 additions & 0 deletions
104
playground/fs-serve/__tests__/base/fs-serve-base.spec.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
import fetch from 'node-fetch' | ||
import { beforeAll, describe, expect, test } from 'vitest' | ||
import testJSON from '../../safe.json' | ||
import { isServe, page, viteTestUrl } from '~utils' | ||
|
||
const stringified = JSON.stringify(testJSON) | ||
|
||
describe.runIf(isServe)('main', () => { | ||
beforeAll(async () => { | ||
const srcPrefix = viteTestUrl.endsWith('/') ? '' : '/' | ||
await page.goto(viteTestUrl + srcPrefix + 'src/') | ||
}) | ||
|
||
test('default import', async () => { | ||
expect(await page.textContent('.full')).toBe(stringified) | ||
}) | ||
|
||
test('named import', async () => { | ||
expect(await page.textContent('.named')).toBe(testJSON.msg) | ||
}) | ||
|
||
test('safe fetch', async () => { | ||
expect(await page.textContent('.safe-fetch')).toMatch('KEY=safe') | ||
expect(await page.textContent('.safe-fetch-status')).toBe('200') | ||
}) | ||
|
||
test('safe fetch with query', async () => { | ||
expect(await page.textContent('.safe-fetch-query')).toMatch('KEY=safe') | ||
expect(await page.textContent('.safe-fetch-query-status')).toBe('200') | ||
}) | ||
|
||
test('safe fetch with special characters', async () => { | ||
expect( | ||
await page.textContent('.safe-fetch-subdir-special-characters'), | ||
).toMatch('KEY=safe') | ||
expect( | ||
await page.textContent('.safe-fetch-subdir-special-characters-status'), | ||
).toBe('200') | ||
}) | ||
|
||
test('unsafe fetch', async () => { | ||
expect(await page.textContent('.unsafe-fetch')).toMatch('403 Restricted') | ||
expect(await page.textContent('.unsafe-fetch-status')).toBe('403') | ||
}) | ||
|
||
test('unsafe fetch with special characters (#8498)', async () => { | ||
expect(await page.textContent('.unsafe-fetch-8498')).toBe('') | ||
expect(await page.textContent('.unsafe-fetch-8498-status')).toBe('404') | ||
}) | ||
|
||
test('unsafe fetch with special characters 2 (#8498)', async () => { | ||
expect(await page.textContent('.unsafe-fetch-8498-2')).toBe('') | ||
expect(await page.textContent('.unsafe-fetch-8498-2-status')).toBe('404') | ||
}) | ||
|
||
test('safe fs fetch', async () => { | ||
expect(await page.textContent('.safe-fs-fetch')).toBe(stringified) | ||
expect(await page.textContent('.safe-fs-fetch-status')).toBe('200') | ||
}) | ||
|
||
test('safe fs fetch', async () => { | ||
expect(await page.textContent('.safe-fs-fetch-query')).toBe(stringified) | ||
expect(await page.textContent('.safe-fs-fetch-query-status')).toBe('200') | ||
}) | ||
|
||
test('safe fs fetch with special characters', async () => { | ||
expect(await page.textContent('.safe-fs-fetch-special-characters')).toBe( | ||
stringified, | ||
) | ||
expect( | ||
await page.textContent('.safe-fs-fetch-special-characters-status'), | ||
).toBe('200') | ||
}) | ||
|
||
test('unsafe fs fetch', async () => { | ||
expect(await page.textContent('.unsafe-fs-fetch')).toBe('') | ||
expect(await page.textContent('.unsafe-fs-fetch-status')).toBe('403') | ||
}) | ||
|
||
test('unsafe fs fetch with special characters (#8498)', async () => { | ||
expect(await page.textContent('.unsafe-fs-fetch-8498')).toBe('') | ||
expect(await page.textContent('.unsafe-fs-fetch-8498-status')).toBe('404') | ||
}) | ||
|
||
test('unsafe fs fetch with special characters 2 (#8498)', async () => { | ||
expect(await page.textContent('.unsafe-fs-fetch-8498-2')).toBe('') | ||
expect(await page.textContent('.unsafe-fs-fetch-8498-2-status')).toBe('404') | ||
}) | ||
|
||
test('nested entry', async () => { | ||
expect(await page.textContent('.nested-entry')).toBe('foobar') | ||
}) | ||
|
||
test('denied', async () => { | ||
expect(await page.textContent('.unsafe-dotenv')).toBe('404') | ||
}) | ||
}) | ||
|
||
describe('fetch', () => { | ||
test('serve with configured headers', async () => { | ||
const res = await fetch(viteTestUrl + '/src/') | ||
expect(res.headers.get('x-served-by')).toBe('vite') | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
import path from 'node:path' | ||
import { defineConfig } from 'vite' | ||
|
||
const BASE = '/base/' | ||
|
||
export default defineConfig({ | ||
base: BASE, | ||
build: { | ||
rollupOptions: { | ||
input: { | ||
main: path.resolve(__dirname, 'src/index.html'), | ||
}, | ||
}, | ||
}, | ||
server: { | ||
fs: { | ||
strict: true, | ||
allow: [path.resolve(__dirname, 'src')], | ||
}, | ||
hmr: { | ||
overlay: false, | ||
}, | ||
headers: { | ||
'x-served-by': 'vite', | ||
}, | ||
}, | ||
preview: { | ||
headers: { | ||
'x-served-by': 'vite', | ||
}, | ||
}, | ||
define: { | ||
ROOT: JSON.stringify(path.dirname(__dirname).replace(/\\/g, '/')), | ||
BASE: JSON.stringify(BASE), | ||
}, | ||
}) |