Mirrors/dioxus
2
0
Fork 0
mirror of https://github.com/DioxusLabs/dioxus synced 2024-11-27 14:40:44 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: forbidden filtering

Browse source
This commit is contained in:
Jonathan Kelley 2022-02-27 14:29:07 -05:00
parent bfc55b0646
commit 4954079212
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
packages/desktop/src/protocol.rs
View file

@ -22,10 +22,17 @@ pub(super) fn desktop_handler(request: &Request, asset_root: Option<PathBuf>) ->
.body(dioxus_interpreter_js::INTERPRETER_JS.as_bytes().to_vec())
} else {
let asset_root = asset_root
.unwrap_or_else(|| get_asset_root().unwrap_or_else(|| Path::new(".").to_path_buf()));
.unwrap_or_else(|| get_asset_root().unwrap_or_else(|| Path::new(".").to_path_buf()))
.canonicalize()?;
let asset = asset_root.join(trimmed).canonicalize()?;
if !asset.starts_with(asset_root) {
return ResponseBuilder::new()
.status(StatusCode::FORBIDDEN)
.body(String::from("Forbidden").into_bytes());
}
if !asset.exists() {
return ResponseBuilder::new()
.status(StatusCode::NOT_FOUND)