Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Enable vite.server.fs.strict internally by default #1842

Merged
merged 3 commits into from Jul 7, 2021
Merged

chore: Enable vite.server.fs.strict internally by default #1842

merged 3 commits into from Jul 7, 2021

Conversation

GrygrFlzr
Copy link
Member

Purpose

server.fs.strict

  • Experimental
  • Type: boolean
  • Default: false (will change to true in future versions)
    Restrict serving files outside of workspace root.

This setting remains user-configurable and does not emit warnings when overridden. An FAQ entry has been added about the behavior should someone encounter a blocked import.

In the future, when Vite makes this the default behavior, we can remove it from the internal default.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpx changeset and following the prompts

@changeset-bot
Copy link

changeset-bot bot commented Jul 7, 2021

🦋 Changeset detected

Latest commit: d545427

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

benmccann
benmccann reviewed Jul 7, 2021
View reviewed changes
packages/kit/src/core/build/index.js
@@ -134,8 +134,19 @@ async function build_client({
/** @type {any} */
const user_config = config.kit.vite();

const default_config = {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if there's a ticket anywhere to track turning this on by default in Vite, but it could be good to add a link to it with a TODO to remove this after it's enabled

@benmccann
Copy link
Member

I'm currently seeing warnings when I run the tests. I'm not sure if this PR might improve that at all?

• • Unrestricted file system access to "/caching/private/uses-session"
• • Unrestricted file system access to "/caching/private/uses-fetch"
• • • • Unrestricted file system access to "/content-type-header"
• • • • • • • • • • • • • • • • • • Unrestricted file system access to "/encoded/endpoint"
• • • • • • • • • • • • • • • • • • • • • • • • • • Unrestricted file system access to "/errors/invalid-route-response"
• • • • • • Unrestricted file system access to "/etag/text"
• Unrestricted file system access to "/etag/binary"

@GrygrFlzr
Copy link
Member Author

This PR would actually get rid of those warnings. The issue stems from something related to vitejs/vite#4161 where it incorrectly attempts to load requested paths from the root of the filesystem, which the strict mode would prevent.

@benmccann benmccann merged commit 4d2fec5 into master Jul 7, 2021
@benmccann benmccann deleted the fs-strict-internal branch July 7, 2021 16:54
sidharthv96 added a commit to sidharthv96/kit that referenced this pull request Jul 11, 2021
@sidharthv96
Merge branch 'master' of github.com:sidharthv96/kit into fix/basePath
56f7bcc 
* 'master' of github.com:sidharthv96/kit: (1114 commits)
  Version Packages (next) (sveltejs#1858)
  Bump vite-plugin-svelte to 1.0.0-next.12 (sveltejs#1869)
  [fix] preserve user defined config and files on `svelte-kit package` (sveltejs#1735)
  [fix] handle undefined body on endpoint output (sveltejs#1808)
  [fix] copy essentials files from root on packaging (sveltejs#1747)
  [docs] sort config alphabetically (sveltejs#1867)
  add config.kit.package.emitTypes option (sveltejs#1852)
  [fix] add $lib alias to js/tsconfig (sveltejs#1860)
  Pass along custom properties added to Error (sveltejs#1821)
  Version Packages (next) (sveltejs#1840)
  Improve grammar in packages FAQ
  Docs for writing an adapter (sveltejs#1846)
  Additional documentation around pnpx changeset usage
  [feat] expose Vite.js `mode` from `$app/env` (sveltejs#1789)
  Service worker files exclusion support (sveltejs#1645)
  chore: Enable `vite.server.fs.strict` internally by default (sveltejs#1842)
  Test with the latest version of Svelte (sveltejs#1848)
  [docs] don't need to run pnpm install twice
  Improve HN example docs
  [fix] correct `ReadOnlyFormData` generator implementation (sveltejs#1837)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benmccann benmccann benmccann approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@GrygrFlzr @benmccann