When the project is launched with $npm i && npm run dev no problem raised when the browser is opened
When the project is launched with $yarn set version berry && yarn && yarn dev it will raise an issue about The request url "~/.yarn/berry/cache/@fontsource-roboto-npm-5.0.8-35f6bafae2-10c0.zip/node_modules/@fontsource/roboto/files/roboto-latin-500-normal.woff" is outside of Vite serving allow list when opened from browser. The fonts cannot be displayed correctly.
Vite dev server's file system access rules should be consistent across package managers.
[X] Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
[X] Make sure this is a Vite issue and not a framework-specific issue. For example, if it's a Vue SFC related bug, it should likely be reported to vuejs/core instead.
Describe the bug
I am following the https://mui.com/material-ui/getting-started/installation/#roboto-font to install roboto font through package manager because the CDN is blocked by a firewall.
After the installation is completed, the project still cannot serve the fonts correctly.
It appears relative url access for woff2 files from a css file in
@fontsource/roboto
is blocked by Vite dev server when using yarn PnP.The woff2 file should be a safe file included in safeModulesPath https://github.com/vitejs/vite/blob/71dc6a6b7d41c27133f04b92256bead74b8f2127/packages/vite/src/node/server/middlewares/static.ts#L218 It has a workaround to change server.fs.strict to false but this will be less safe.
Reproduction
https://stackblitz.com/edit/github-tmpxuz-g4gr11?file=src%2FApp.jsx
Steps to reproduce
Clone the repo in reproduction url.
When the project is launched with
$npm i && npm run dev
no problem raised when the browser is opened When the project is launched with$yarn set version berry && yarn && yarn dev
it will raise an issue about The request url "~/.yarn/berry/cache/@fontsource-roboto-npm-5.0.8-35f6bafae2-10c0.zip/node_modules/@fontsource/roboto/files/roboto-latin-500-normal.woff" is outside of Vite serving allow list when opened from browser. The fonts cannot be displayed correctly.Vite dev server's file system access rules should be consistent across package managers.
System Info
Used Package Manager
yarn
Logs
No response
Validations