( config: ResolvedConfig, path: string, )
| 327 | } |
| 328 | |
| 329 | export function checkLoadingAccess( |
| 330 | config: ResolvedConfig, |
| 331 | path: string, |
| 332 | ): 'allowed' | 'denied' | 'fallback' { |
| 333 | if (isFileLoadingAllowed(config, slash(path))) { |
| 334 | return 'allowed' |
| 335 | } |
| 336 | if (isFileReadable(path)) { |
| 337 | return 'denied' |
| 338 | } |
| 339 | // if the file doesn't exist, we shouldn't restrict this path as it can |
| 340 | // be an API call. Middlewares would issue a 404 if the file isn't handled |
| 341 | return 'fallback' |
| 342 | } |
| 343 | |
| 344 | export function respondWithAccessDenied( |
| 345 | id: string, |
no test coverage detected