tonylinyy
commented
7 years ago we add a middleware like this to avoid,any better solution?
app.use(function *(next) { let filename = decodeURIComponent(path.normalize(this.path)); if(filename.indexOf('..')>=0){ this.status = 200; this.body = 'Not Found'; return; } yield next; });
dead-horse
hi when I use the middleware like this: app.use(staticCache(path.resolve(__dirname, '../public'), { gzip: true, dynamic: true })) anyone can view any directory and files like this in windows, http://xxx.xx.xx/..%5c..%5c/xxx it is very dangerous how to avoid?