`file_allowlist` limited to root directory only?

[tilusnet]

Description

I am using a file allowlist to serve static pages defined as follows:

{
    "VoilaConfiguration": {
        "file_allowlist": [
            ".*\\.(png|jpg|gif|svg|mp4|avi|ogg|html|js)"
        ]
    }
}

Prior to v0.5.0 this wildcard definition allowed access to any matching file, including relative paths under the root.

However this seems broken now: if I place a file foo/bar.html, it is not found (404 error). If I place it under root as bar.html, it is found and rendered as expected.

Did some logic change with #1367 ?

Context

• voila version 0.5.5
• Operating System and version: Ubuntu Linux 20.04 LTS
• Browser and version: Chrome v120

[jgunstone]

linking this https://github.com/voila-dashboards/voila/issues/1397 (also about file_allowlist ) in case related...