Accessing /static/{dir} will redirect to OS relative path

[firdausramlan]

Version: 1.2.3 & 2.0.0-beta.24

Let say I have folder /static/img, accessing url http://localhost:3000/static/img will redirect to http://localhost:3000/Users/bob/myapp/static/img/ .

[arunoda]

Can we have a sample repo for that and how to re-produce this?

[firdausramlan]

Sample repo: https://github.com/firdausramlan/static-dir-redirect

You can test it here. Click /static/img link and observe the url.

[timneutkens]

Just tested. Seeing the same issue you're seeing. I'll have a look @firdausramlan 😄

[arunoda]

Yeah! This is critical.
Since it expose the actual server path name.

[timneutkens]

Indeed. Fixing a critical bug in micro right now. Having a look after.

[arunoda]

@timneutkens I'll add some helpful info here to ease you task :)

[timneutkens]

@arunoda ❤️

[arunoda]

@timneutkens here's the source of the problem.
It's on the send npm module.
See: https://github.com/pillarjs/send/blob/master/index.js#L675

It redirect to the path if it find out the path is a dir.

[arunoda]

@timneutkens Changing our server/render.js as follows will work.
But need more testing.

export function serveStatic (req, res, path) {
  return new Promise((resolve, reject) => {
    send(req, path)
    .on('error', reject)
    .on('directory', function() {
      const err = new Error('No dir access')
      err.code = 'ENOENT'
      reject(err)
    })
    .pipe(res)
    .on('finish', resolve)
  })
}

[timneutkens]

@arunoda example works totally fine 👍 added a comment to explain why we do that 😉