
nodejs express: Setting express.static path as parent folder (/..) error

import express from "express"
import path from "path"

const app = express();
const __dirname = path.resolve();

app.use(express.static(`${__dirname}/../'webapp_test`))   //ERROR

app.get(`/`,(req,res)=>{
    res.sendFile(`${__dirname}/../webapp_test/todo.html`);
});

app.listen(8080);

By setting express.static() path as string literal with escape sequence ${}

An error occurs when connecting to localhost:8080, like

ForbiddenError: Forbidden
    at SendStream.error (WORKING DIRECTORY\node_modules\send\index.js:270:31)
    at SendStream.pipe (WORKING DIRECTORY\node_modules\send\index.js:553:12)
    at sendfile (WORKING DIRECTORY\node_modules\express\lib\response.js:1103:8)
    at ServerResponse.sendFile (WORKING DIRECTORY\node_modules\express\lib\response.js:433:3)
    at file://WORKING DIRECTORY/main.js:13:9
    at Layer.handle [as handle_request] (WORKING DIRECTORY\node_modules\express\lib\router\layer.js:95:5)
    at next (WORKING DIRECTORY\node_modules\express\lib\router\route.js:137:13)
    at Route.dispatch (WORKING DIRECTORY\node_modules\express\lib\router\route.js:112:3)
    at Layer.handle [as handle_request] (WORKING DIRECTORYt\node_modules\express\lib\router\layer.js:95:5)
    at WORKING DIRECTORY\node_modules\express\lib\router\index.js:281:22

But if I set path with path.join method as

app.use(express.static(path.join(__dirname,`..`,`webapp_test`)));

app.get(`/`,(req,res)=>{
    res.sendFile(path.join(__dirname,`..`,`webapp_test`,`todo.html`));
});

Page loads well

What am I missing?

It is because of the "../". This is considered malicious and will be blocked by express in order to prevent web users from theoretically accessing the computer's file system by typing .. in the URL. You need to resolve the path first by calling path.resolve and then pass it to express. This is essentially what path.join also does, so that after calling path.join it also works.

That means you need to replace

res.sendFile(`${__dirname}/../webapp_test/todo.html`);

with

res.sendFile(path.resolve(`${__dirname}/../webapp_test/todo.html`));

As well as

app.use(express.static(`${__dirname}/../'webapp_test`))   //ERROR

with

app.use(express.static(path.resolve(`${__dirname}/../webapp_test`)))

Another solution would be to specify the root directory for your calls like this:

res.sendFile(path, {'root': '/path/to/root/directory'});

Hope that answers your question.
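Why the template-string path is refused while the path.join version is served, and how a root-relative lookup keeps a client-supplied path inside one directory. This is an added example, not part of the original question or answer: `hasUpSegment`, `resolveInside` and the `/srv/app/...` paths are constructed for illustration, and the regular expression is an assumed simplification of the check behind the Forbidden error.

```javascript
// Added example; uses only Node's built-in path module (no Express needed).
const path = require("path").posix; // POSIX rules so results match on any OS

// Assumption: simplified model of a check that refuses any literal ".." segment.
const UP_SEGMENT = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
const hasUpSegment = (p) => UP_SEGMENT.test(p);

// Map a client-supplied path onto `root`; return null if it would leave root.
function resolveInside(root, requested) {
  if (requested.includes("\0")) return null;           // NUL bytes never belong in a path
  const base = path.resolve(root);
  const target = path.resolve(base, "./" + requested); // a leading "/" is treated as relative
  const rel = path.relative(base, target);
  // Compare path segments, not string prefixes: "/x/site_backup" is not inside "/x/site".
  const escapes = rel === ".." || rel.startsWith("../");
  return escapes ? null : target;
}

const appDir = "/srv/app/server";                      // constructed stand-in for __dirname
const raw = `${appDir}/../webapp_test/todo.html`;      // template string, as in the question
const joined = path.join(appDir, "..", "webapp_test", "todo.html"); // ".." normalized away
const root = path.join(appDir, "..", "webapp_test");

console.log("raw    :", raw, "-> has '..' segment:", hasUpSegment(raw));
console.log("joined :", joined, "-> has '..' segment:", hasUpSegment(joined));
console.log("resolve:", path.resolve(raw));

// Constructed request paths, as a static file handler might receive them.
for (const requested of ["todo.html", "css/../todo.html", "../server/main.js",
                         "../webapp_test_backup/x", "/etc/passwd"]) {
  console.log(JSON.stringify(requested), "->", resolveInside(root, requested));
}
```

Only the server's own absolute path should be normalized with path.join or path.resolve; anything that comes from the request is resolved against a fixed root and rejected when it lands outside it.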
