Only serve HTML on specific index.html requests

Otherwise there is risk of an infinite loop through the iframe where the fallback keeps loading the root HTML which itself has an iframe...
2020-02-05 17:44:32 -06:00 · 2020-02-05 17:44:32 -06:00 · 205775ac97
commit 205775ac97
parent 4cc181cedc
2 changed files with 8 additions and 0 deletions
--- a/src/node/app/server.tsx
+++ b/src/node/app/server.tsx
@ -3,6 +3,7 @@ import * as http from "http"
 import * as React from "react"
 import * as ReactDOMServer from "react-dom/server"
 import App from "../../browser/app"
+import { HttpCode, HttpError } from "../../common/http"
 import { Options } from "../../common/util"
 import { HttpProvider, HttpResponse, Route } from "../http"

@ -21,6 +22,9 @@ export class MainHttpProvider extends HttpProvider {
      }

      case "/": {
+        if (route.requestPath !== "/index.html") {
+          throw new HttpError("Not found", HttpCode.NotFound)
+        }
        const options: Options = {
          authed: !!this.authenticated(request),
          basePath: this.base(route),
--- a/src/node/vscode/server.ts
+++ b/src/node/vscode/server.ts
@ -11,6 +11,7 @@ import {
  VscodeOptions,
  WorkbenchOptions,
 } from "../../../lib/vscode/src/vs/server/ipc"
+import { HttpCode, HttpError } from "../../common/http"
 import { generateUuid } from "../../common/util"
 import { HttpProvider, HttpProviderOptions, HttpResponse, Route } from "../http"
 import { SettingsProvider } from "../settings"
@ -114,6 +115,9 @@ export class VscodeHttpProvider extends HttpProvider {
    this.ensureAuthenticated(request)
    switch (route.base) {
      case "/":
+        if (route.requestPath !== "/index.html") {
+          throw new HttpError("Not found", HttpCode.NotFound)
+        }
        try {
          return await this.getRoot(request, route)
        } catch (error) {