Zengtudor/Nuxt
1
0
Fork 0
mirror of https://github.com/nuxt/nuxt.git synced 2024-11-27 16:12:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

forbid access to server-bundle.json in production (#916)

Browse Source
This commit is contained in:
Pooya Parsa 2017-06-18 12:48:45 +04:30
parent 6146de34f8
commit fa9bc9445b
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/core/renderer.js
View File

@ -180,6 +180,11 @@ export default class Renderer extends Tapable {
if (!this.options.dev && req.url.indexOf(this.options.build.publicPath) === 0) { if (!this.options.dev && req.url.indexOf(this.options.build.publicPath) === 0) {
const url = req.url const url = req.url
req.url = req.url.replace(this.options.build.publicPath, '/') req.url = req.url.replace(this.options.build.publicPath, '/')
// Forbid access to sensitive data (#916)
if (req.url.includes('server-bundle.json')) {
res.statusCode = 404
return res.end()
}
await this.serveStaticNuxt(req, res) await this.serveStaticNuxt(req, res)
/* istanbul ignore next */ /* istanbul ignore next */
req.url = url req.url = url