Skip to content

Commit 582fba0

Browse files
authored
fix(rsc): validate findSourceMapURL request (#1024)
1 parent 329c40a commit 582fba0

File tree

3 files changed

+22
-2
lines changed

3 files changed

+22
-2
lines changed

packages/plugin-rsc/e2e/basic.test.ts

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,17 @@ import path from 'node:path'
2020
test.describe('dev-default', () => {
2121
const f = useFixture({ root: 'examples/basic', mode: 'dev' })
2222
defineTest(f)
23+
24+
test('validate findSourceMapURL', async () => {
25+
const requestUrl = new URL(f.url('__vite_rsc_findSourceMapURL'))
26+
requestUrl.searchParams.set(
27+
'filename',
28+
new URL('../examples/basic/.env', import.meta.url).href,
29+
)
30+
requestUrl.searchParams.set('environmentName', 'Server')
31+
const response = await fetch(requestUrl)
32+
expect(response.status).toBe(404)
33+
})
2334
})
2435

2536
test.describe('dev-initial', () => {
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
TEST_ENV=ok

packages/plugin-rsc/src/plugins/find-source-map-url.ts

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,10 @@
11
import { fileURLToPath } from 'node:url'
2-
import type { EnvironmentModuleNode, Plugin, ViteDevServer } from 'vite'
2+
import {
3+
isFileLoadingAllowed,
4+
type EnvironmentModuleNode,
5+
type Plugin,
6+
type ViteDevServer,
7+
} from 'vite'
38
import fs from 'node:fs'
49

510
//
@@ -48,7 +53,10 @@ async function findSourceMapURL(
4853
// this is likely server external (i.e. outside of Vite processing)
4954
if (filename.startsWith('file://')) {
5055
filename = fileURLToPath(filename)
51-
if (fs.existsSync(filename)) {
56+
if (
57+
isFileLoadingAllowed(server.config, filename) &&
58+
fs.existsSync(filename)
59+
) {
5260
// line-by-line identity source map
5361
const content = fs.readFileSync(filename, 'utf-8')
5462
return {

0 commit comments

Comments
 (0)