serve-handler - npm Package Compare versions

Comparing version 2.3.14 to 2.3.15


package.json
{
"name": "serve-handler",
"version": "2.3.14",
"version": "2.3.15",
"description": "The routing foundation of `serve` and static deployments on Now",

@@ -36,3 +36,3 @@ "main": "src/index.js",

"fs-extra": "6.0.1",
"micro": "9.3.1",
"micro": "9.3.2",
"node-fetch": "2.1.2",

@@ -68,4 +68,5 @@ "nyc": "11.8.0",

"minimatch": "3.0.4",
"path-is-inside": "1.0.2",
"path-to-regexp": "2.2.1"
}
}

@@ -248,18 +248,4 @@ # serve-handler

## Use Cases
There are two environments in which [ZEIT](https://zeit.co) uses this package:
### Development
When running static applications or sites on your local device, we suggest using [serve](https://github.com/zeit/serve).
Since it comes with support for `serve-handler` out of the box, you can create a `serve.json` file to customize its behavior. It will also read the configuration from `static` inside `now.json`.
### Production
When deploying your site to [Now](https://zeit.co/now), both the `serve.json` file or the `static` property inside `now.json` will be parsed and used to handle requests on the platform.
## Author
Leo Lamprecht ([@notquiteleo](https://twitter.com/notquiteleo)) - [ZEIT](https://zeit.co)
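Review bot: Nothing in this README region documents the behaviour change that ships in the same release: requests that resolve outside the served directory now get a `400 Bad Request`. The visible lines only concern the "Use Cases" and "Author" sections, so a short note on the new response (and that it is not configurable, if that is the intent) would help consumers who wrap the handler.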

@@ -13,2 +13,3 @@ // Native

const bytes = require('bytes');
const isPathInside = require('path-is-inside');

@@ -401,2 +402,11 @@ // Other

// Prevent path traversal vulnerabilities. We could do this
// by ourselves, but using the package covers all the edge cases.
if (!isPathInside(absolutePath, current)) {
response.statusCode = 400;
response.end('Bad Request');
return;
}
const cleanUrl = applicable(relativePath, config.cleanUrls);
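Review bot: The `isPathInside(absolutePath, current)` guard is a purely lexical prefix comparison, so it is only sound if `absolutePath` has already been percent-decoded and normalised (for example via `path.join` or `path.resolve`) before this line; the hunk does not show how `absolutePath` is derived, and an un-normalised path that still contains `..` segments would pass the check. Please confirm the derivation and add a regression test asserting the 400 for a request path that climbs above `current`. Two smaller points: `path-is-inside` does not resolve symlinks, so a symlink under `current` that points elsewhere is still served, and if that is out of scope the comment "covers all the edge cases" should say so; and the check runs before `applicable(relativePath, config.cleanUrls)`, which is the right order, but the early `return` bypasses any custom error rendering, so it is worth deciding whether a bare `'Bad Request'` body is the intended response.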

@@ -403,0 +413,0 @@ const redirect = shouldRedirect(relativePath, config, cleanUrl);
