Zengtudor/Nuxt
1
0
Fork 0
mirror of https://github.com/nuxt/nuxt.git synced 2024-11-23 14:15:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

forbid access to server-bundle.json in production (#916)

Browse Source
This commit is contained in:
Pooya Parsa 2017-06-18 12:48:45 +04:30
parent 6146de34f8
commit fa9bc9445b
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/core/renderer.js
View File

@ -180,6 +180,11 @@ export default class Renderer extends Tapable {
if (!this.options.dev && req.url.indexOf(this.options.build.publicPath) === 0) {
const url = req.url
req.url = req.url.replace(this.options.build.publicPath, '/')
// Forbid access to sensitive data (#916)
if (req.url.includes('server-bundle.json')) {
res.statusCode = 404
return res.end()
}
await this.serveStaticNuxt(req, res)
/* istanbul ignore next */
req.url = url
@ -306,7 +311,7 @@ export default class Renderer extends Tapable {
if (!jsdom) {
try {
jsdom = require('jsdom')
} catch (e) /* istanbul ignore next */{
} catch (e) /* istanbul ignore next */ {
console.error('Fail when calling nuxt.renderAndGetWindow(url)') // eslint-disable-line no-console
console.error('jsdom module is not installed') // eslint-disable-line no-console
console.error('Please install jsdom with: npm install --save-dev jsdom') // eslint-disable-line no-console