Closed reed1 closed 4 years ago
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
Hey thanks for the PR! Totally agreed, this looks really dangerous. Couple of suggestions:
if(){}
for more clarity. Can use if (!options.public) return;
as well, as a guard clause.''
.I'm going to evaluate it ASAP and might merge it without those changes because at a glance this seems very important.
Ah this only intended to give you an idea, you can just close this and make changes as needed. Thanks for the framework btw
Merging it for now, will improve it locally.
Thanks for the PR!
Published server@1.0.20
🎉
Describe the bug For now public option defaults to 'public'. There's a section in the docs to disable public, but it doesn't work as intended:
public: false
will produce error on starting server (UnhandledPromiseRejectionWarning: TypeError: root path required)public: ''
will actually makes the root directory of application all public, which is really dangerousTo Reproduce Steps to reproduce the behavior:
npm i server
{public: false}
or{public: ''}
as the server optionExpected behavior
public: false
andpublic: ''
should not give error and should not serve static files