When the directory itself being a symlink does not work.

[hanxi]

My test code:

from fastapi import FastAPI
import uvicorn

from staticfiles import StaticFiles

app = FastAPI()
app.mount("/music", StaticFiles(directory="/home/hanxi/work/xiaomusic/music", follow_symlink=True), name="music")

uvicorn.run(
    app,
    host=["::", "0.0.0.0"],
    port=3333,
)

The directory /home/hanxi/work/xiaomusic/music is a symlink.

> ls -l /home/hanxi/work/xiaomusic/music
lrwxrwxrwx 1 hanxi hanxi 26 Apr 30 12:10 /home/hanxi/work/xiaomusic/music -> /home/hanxi/nas/data/music

I fix this in https://github.com/hanxi/starlette/commit/831cb5d255832d9f704ffd7be49b4184cd301dd6

Need pr?

[!IMPORTANT]

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

[Kludex]

I guess this makes sense. We did have a security advisory about symlinks, so I'm a bit cautious.

Would you like to create a PR? Also, check the advisory https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px and see if we will not introduce something similar. 🙏

Thanks!

[hanxi]

I test GHSA-v5gw-mw7f-84px case. test result is 404 Not Found. Review PR #2711 please. Thanks!