forbid access to server-bundle.json in production (#916)
parent
6146de34f8
commit
fa9bc9445b
@ -180,6 +180,11 @@ export default class Renderer extends Tapable {
|
||||
if (!this.options.dev && req.url.indexOf(this.options.build.publicPath) === 0) {
|
||||
const url = req.url
|
||||
req.url = req.url.replace(this.options.build.publicPath, '/')
|
||||
// Forbid access to sensitive data (#916)
|
||||
if (req.url.includes('server-bundle.json')) {
|
||||
res.statusCode = 404
|
||||
return res.end()
|
||||
}
|
||||
await this.serveStaticNuxt(req, res)
|
||||
/* istanbul ignore next */
|
||||
req.url = url
|
||||
|
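Review bot: The new guard `if (req.url.includes('server-bundle.json'))` matches on the raw request URL, so it only works for one exact spelling of the path. If `serveStaticNuxt` (not visible here) percent-decodes or case-folds the path before resolving the file, as static file middleware commonly does, a request the check does not recognise could still be served the bundle. Compare against the decoded pathname with the query string removed, and refuse URLs that fail to decode, as in the excerpt below. A name-based denylist is also fragile as the only control: keeping the server bundle out of the directory served under `publicPath` would remove the exposure entirely, though the build layout is outside this hunk. The enclosing method starts and ends outside the hunk.

```javascript
req.url = req.url.replace(this.options.build.publicPath, '/')
// Forbid access to sensitive data (#916)
// Check the decoded path, since that is what a static handler typically resolves on disk.
let pathname
try {
  pathname = decodeURIComponent(req.url.split('?')[0])
} catch (e) {
  // Malformed escape sequence: refuse instead of handing it to the static handler
  res.statusCode = 400
  return res.end()
}
// Lower-cased so the check also holds on case-insensitive file systems
if (pathname.toLowerCase().endsWith('/server-bundle.json')) {
  res.statusCode = 404
  return res.end()
}
// … unchanged: serveStaticNuxt call and req.url restore …
```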