From fa86b17600ece582b41abc2d3125afba9fd7f0b9 Mon Sep 17 00:00:00 2001 From: Anthony Fu Date: Fri, 22 Oct 2021 06:05:17 +0800 Subject: [PATCH 1/4] feat: `server.fs.deny` support --- docs/config/index.md | 9 ++++++++ .../fs-serve/__tests__/fs-serve.spec.ts | 9 ++++++++ .../playground/fs-serve/root/src/index.html | 22 +++++++++++++++++++ packages/vite/src/node/server/index.ts | 16 +++++++++++++- .../src/node/server/middlewares/static.ts | 6 +++++ packages/vite/types/shims.d.ts | 6 ++++- 6 files changed, 66 insertions(+), 2 deletions(-) diff --git a/docs/config/index.md b/docs/config/index.md index 6bb9836e69094d..82519221acee4d 100644 --- a/docs/config/index.md +++ b/docs/config/index.md @@ -593,6 +593,15 @@ createServer() }) ``` +### server.fs.deny + +- **Experimental** +- **Type:** `string[]` + + Blocklist for sensitive files being restricted to be served by Vite dev server. + + Default to `['.env', '.env.*', '*.{pem,crt}']`. + ### server.origin - **Type:** `string` diff --git a/packages/playground/fs-serve/__tests__/fs-serve.spec.ts b/packages/playground/fs-serve/__tests__/fs-serve.spec.ts index c3d8ee9a9bf911..263bcabad5e41f 100644 --- a/packages/playground/fs-serve/__tests__/fs-serve.spec.ts +++ b/packages/playground/fs-serve/__tests__/fs-serve.spec.ts @@ -41,6 +41,15 @@ describe('main', () => { test('nested entry', async () => { expect(await page.textContent('.nested-entry')).toBe('foobar') }) + + test('nested entry', async () => { + expect(await page.textContent('.nested-entry')).toBe('foobar') + }) + + test('denied', async () => { + expect(await page.textContent('.unsafe-dotenv')).toBe('403') + expect(await page.textContent('.safe-root-file')).toBe('200') + }) } else { test('dummy test to make jest happy', async () => { // Your test suite must contain at least one test. diff --git a/packages/playground/fs-serve/root/src/index.html b/packages/playground/fs-serve/root/src/index.html index 67a2371c6b27fb..b1e93e292d12eb 100644 --- a/packages/playground/fs-serve/root/src/index.html +++ b/packages/playground/fs-serve/root/src/index.html @@ -23,6 +23,10 @@

Unsafe /@fs/ Fetch

Nested Entry


 
+

Denied

+

+

+
 
\ No newline at end of file
+
diff --git a/packages/playground/fs-serve/root/src/safe.txt b/packages/playground/fs-serve/root/src/safe.txt
new file mode 100644
index 00000000000000..3f3d0607101642
--- /dev/null
+++ b/packages/playground/fs-serve/root/src/safe.txt
@@ -0,0 +1 @@
+KEY=safe
diff --git a/packages/playground/fs-serve/root/.env b/packages/playground/fs-serve/root/unsafe.txt
similarity index 100%
rename from packages/playground/fs-serve/root/.env
rename to packages/playground/fs-serve/root/unsafe.txt

From 946cfa2e4cd9e5c74e9125496c28bb6de0a11a3f Mon Sep 17 00:00:00 2001
From: Anthony Fu 
Date: Mon, 25 Oct 2021 01:07:37 +0800
Subject: [PATCH 3/4] chore: update

---
 .../playground/fs-serve/__tests__/fs-serve.spec.ts     |  3 +--
 packages/playground/fs-serve/root/src/index.html       | 10 ----------
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/packages/playground/fs-serve/__tests__/fs-serve.spec.ts b/packages/playground/fs-serve/__tests__/fs-serve.spec.ts
index 263bcabad5e41f..2a110a4ae2305e 100644
--- a/packages/playground/fs-serve/__tests__/fs-serve.spec.ts
+++ b/packages/playground/fs-serve/__tests__/fs-serve.spec.ts
@@ -45,10 +45,9 @@ describe('main', () => {
     test('nested entry', async () => {
       expect(await page.textContent('.nested-entry')).toBe('foobar')
     })
-  
+
     test('denied', async () => {
       expect(await page.textContent('.unsafe-dotenv')).toBe('403')
-      expect(await page.textContent('.safe-root-file')).toBe('200')
     })
   } else {
     test('dummy test to make jest happy', async () => {
diff --git a/packages/playground/fs-serve/root/src/index.html b/packages/playground/fs-serve/root/src/index.html
index b2b26c790ec027..c8b294e86ab0ea 100644
--- a/packages/playground/fs-serve/root/src/index.html
+++ b/packages/playground/fs-serve/root/src/index.html
@@ -25,7 +25,6 @@ 

Nested Entry

Denied


-