mateimarica / mateimarica.dev

Personal website with an Express.js backend.
https://mateimarica.dev
MIT License

Root domain script is accessible through files domain #24

Closed mateimarica closed 2 months ago

mateimarica commented 1 year ago

The root domain's script is accessible through the files domain.
https://mateimarica.dev/scripts/script.js
https://files.mateimarica.dev/scripts/script.js

Find out why. This shouldn't be happening since the subdomain routers are registered before the root domain's static files in server.js

mateimarica commented 2 months ago

Found solution, which I described here

This is a simple fix: just don't allow the request to propagate out of the subdomain router.

app.js

const express = require('express'),
      path = require('path'),
      subdomain = require('express-subdomain'),
      xyz = require('./xyz');

const app = express();

app.use(subdomain('xyz', xyz)); // register the subdomain routers first
app.use(express.static(path.join(__dirname, 'static/directory/path'))); // root domain's static files

// ...

xyz.js

const express = require('express'),
      router = express.Router();

// put all the middleware and routing here

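// catch-all, registered last: any request the router did not handle ends here
// with a 404 instead of falling through to the root domain's middleware
router.use('*', (req, res) => {
    res.sendStatus(404);
});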

module.exports = router;

Now, a static file such as example.com/script.js will return a 404 at xyz.example.com/script.js
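The fall-through described in this thread, modelled without Express as an added example (not part of the original comments or the repository's code). `dispatch`, `subdomain`, `serveStatic`, `makeRouter` and `probe` are hypothetical stand-ins for Express's middleware chain, and the sample routes and files are constructed.

```javascript
// Simplified, synchronous stand-in for Express's middleware chain (assumption:
// real Express is asynchronous and also matches on mount paths).
function dispatch(stack, req) {
    const res = { status: null, body: null };
    let i = 0;
    const next = () => {
        const mw = stack[i++];
        if (mw) mw(req, res, next);
    };
    next();
    if (res.status === null) res.status = 404; // nothing answered: default 404
    return res;
}

// Runs the router only for the given subdomain; other hosts skip it.
const subdomain = (name, router) => (req, res, next) =>
    req.host.startsWith(name + '.') ? router(req, res, next) : next();

// Serves a file if it exists, otherwise passes the request on.
const serveStatic = (files) => (req, res, next) => {
    if (!(req.path in files)) return next();
    res.status = 200;
    res.body = files[req.path];
};

// Subdomain router. Without a catch-all, an unmatched path calls next() and
// leaves the router, which is how the request reaches the root static files.
const makeRouter = (routes, catchAll) => (req, res, next) => {
    if (req.path in routes) {
        res.status = 200;
        res.body = routes[req.path];
    } else if (catchAll) {
        res.status = 404; // the fix: end the request inside the router
    } else {
        next(); // the bug: fall through to later middleware
    }
};

// Same registration order as app.js: subdomain router first, static second.
function probe(catchAll, host, path) {
    const stack = [
        subdomain('xyz', makeRouter({ '/hello': 'xyz home' }, catchAll)),
        serveStatic({ '/script.js': 'root script' }),
    ];
    return dispatch(stack, { host, path }).status;
}

console.log(probe(false, 'xyz.example.com', '/script.js')); // 200
console.log(probe(true, 'xyz.example.com', '/script.js'));  // 404
```

Registration order alone does not isolate the subdomain: only a terminating handler inside the router does, and the same probe makes a useful regression check for every subdomain that should not expose root-domain files.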