Closed jjmerino closed 9 years ago
Thank you so much for such a detailed bug report!!
I'm going to make a slight modification in that the root case should also next()
instead of 403 to allow people to add directory handling afterwards; send
does the 403 because it's the end-of-the-line type of deal, while this is simply a middleware :)
Thanks for the positive feedback! I agree 404 makes more sense. I didn't see that at the time. Cheers
So usually after the amount of code changes I made to your PR I would normally not keep your name as the commit author, but I'm just so thankful for the thoroughness of your report I'm keeping your name on the new commit I made :)
Thanks, I really appreciate that! :)
Published as 1.6.4 on npm :)
Problem The library falls into an infinite redirect loop when index option is set to false and the url matches a directory. How to reproduce Serve a folder using serve static and disable index:
{index:false}
, try to access any subdirectory. You will get an infinite redirect.Example:localhost/public/folder
will turn intolocalhost/public/folder////////////////////
.Explanation When index option is set to false, the
send
library will, by default, send a 403 response if the requested resource is a directory. This will not happen if there are anyon('redirect',...)
listeners, as thesend
library will delegate to the listeners.Unfortunately, the
serve-static
library handles the redirection but does not check to see if the resource ends with/
. This results in the library redirecting tooriginalUrl+='/'
over and over again. Producing an infinite redirect loop when index is set to false and the user requests a directory.Proposed Solution The problem has been fixed by assuming a desired behaviour similar to that of the
send
library and the rest ofserve-static
, i.e, 403 for root directory, and 404 (ignore and forward) for subdirectories, to ensure non-intrusiveness when using as a middleware. 2 passing tests have been added to the specs for both cases.