MCPcopy
hub / github.com/vitejs/vite / isFileLoadingAllowed

Function isFileLoadingAllowed

packages/vite/src/node/server/middlewares/static.ts:294–327  ·  view source on GitHub ↗
(
  config: ResolvedConfig,
  filePath: string,
)

Source from the content-addressed store, hash-verified

292 * Warning: parameters are not validated, only works with normalized absolute paths
293 */
294export function isFileLoadingAllowed(
295 config: ResolvedConfig,
296 filePath: string,
297): boolean {
298 const { fs } = config.server
299
300 if (!fs.strict) return true
301
302 if (isWindows && filePath.includes('~')) {
303 // `~` is used for Windows 8.3 short names, which can be used to bypass the check.
304 // While is it valid to have files with `~` in the path, we disallow it to be safe.
305 return false
306 }
307
308 const hasDriveLetter = isWindows && windowsDriveRE.test(filePath)
309 const hasColon = (hasDriveLetter ? filePath.slice(2) : filePath).includes(':')
310 if (hasColon) {
311 // the `:` is included in the path which may be used for NTFS ADS
312 return false
313 }
314
315 // NOTE: `fs.readFile('/foo.png/')` tries to load `'/foo.png'`
316 // so we should check the path without trailing slash
317 const filePathWithoutTrailingSlash = filePath.endsWith('/')
318 ? filePath.slice(0, -1)
319 : filePath
320 if (config.fsDenyGlob(filePathWithoutTrailingSlash)) return false
321
322 if (config.safeModulePaths.has(filePath)) return true
323
324 if (fs.allow.some((uri) => isFileInTargetPath(uri, filePath))) return true
325
326 return false
327}
328
329export function checkLoadingAccess(
330 config: ResolvedConfig,

Callers 3

loadAndTransformFunction · 0.90
isFileServingAllowedFunction · 0.85
checkLoadingAccessFunction · 0.85

Calls 2

isFileInTargetPathFunction · 0.85
hasMethod · 0.80

Tested by

no test coverage detected