From 8f351bb0dac83b63312768a30539b1b764c40c70 Mon Sep 17 00:00:00 2001
From: Seva Baskin
Date: Fri, 21 Apr 2017 16:49:58 +0100
Subject: [PATCH] Respond with 404 for forbidden assets
---
 src/express-http-server.js | 11 +++++++++++
 test/app-server-test.js | 14 ++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/src/express-http-server.js b/src/express-http-server.js
index f55d4ab0..5cd352e2 100644
--- a/src/express-http-server.js
+++ b/src/express-http-server.js
@@ -17,6 +17,12 @@ class ExpressHTTPServer {
 this.gzip = options.gzip || false;
 this.beforeMiddleware = options.beforeMiddleware || noop;
 this.afterMiddleware = options.afterMiddleware || noop;
+ this.forbiddenAssets = [
+ '/fastbootAssetMap.json',
+ '/package.json',
+ '/node_modules/*',
+ '/fastboot/*'
+ ];
 this.app = express();
 }
@@ -43,6 +49,11 @@ class ExpressHTTPServer {
 if (this.distPath) {
 app.get('/', fastbootMiddleware);
+ this.forbiddenAssets.forEach(function(path) {
+ app.get(path, function(req, res) {
+ res.sendStatus(404);
+ });
+ });
 app.use(express.static(this.distPath));
 app.get('/assets/*', function(req, res) {
 res.sendStatus(404);
diff --git a/test/app-server-test.js b/test/app-server-test.js
index 256f6556..08ac092e 100644
--- a/test/app-server-test.js
+++ b/test/app-server-test.js
@@ -70,6 +70,20 @@ describe("FastBootAppServer", function() {
 });
 });
+ it("returns a 404 status code for forbidden assets", function() {
+ return runServer('basic-app-server')
+ .then(() => request('http://localhost:3000/package.json'))
+ .then(response => {
+ expect(response.statusCode).to.equal(404);
+ expect(response.body).to.match(/Not Found/);
+ })
+ .then(() => request('http://localhost:3000/'))
+ .then(response => {
+ expect(response.statusCode).to.equal(200);
+ expect(response.body).to.contain('Welcome to Ember');
+ });
+ });
+
 it("executes beforeMiddleware", function() {
 return runServer('before-middleware-server')
 .then(() => request('http://localhost:3000'))
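Review bot: The `forbiddenAssets` list added to the constructor is hard-coded and has no comment saying why these four paths must never be served, so a later build that puts another server-only file into the dist directory would expose it without anyone noticing. A comment above the array such as `// Server-only files that live inside distPath; express.static must never serve them` would record the intent. Appending `.concat(options.forbiddenAssets || [])` to the array literal would let deployers extend the defaults without being able to drop them, in line with how the other options are read just above. The constructor begins outside the hunk.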
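Review bot: The 404 routes registered by the `forEach` inside `if (this.distPath)` may not see a request the same way `express.static` does. The router matches the request path as received, while the static handler resolves the file from a decoded and normalised path; this is inferred from how Express and its static handler usually behave, not from anything visible in the hunk. A single `app.use` guard ahead of `express.static` that checks the same decoded, normalised path would close that gap, and serving only a known public subdirectory of `distPath` would fail closed rather than open. Because the protection depends entirely on middleware order, a comment such as `// Must stay registered before express.static, otherwise these files are served` belongs above the loop. The enclosing method begins and ends outside the hunk.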
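Review bot: The new test requests only `/package.json`, so three of the four `forbiddenAssets` entries, including both wildcard patterns, are never exercised. It also does not establish that the `basic-app-server` fixture has a `package.json` in its dist directory; if it does not, the 404 could come from the file being absent and the test would pass without the change (the fixture is not visible here, so this needs checking). Looping over one existing file per forbidden entry and asserting 404 for each would pin the behaviour the commit is meant to guarantee.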