From 205775ac970d9db81f524cae15f281bc2fc0176a Mon Sep 17 00:00:00 2001 From: Asher Date: Wed, 5 Feb 2020 17:44:32 -0600 Subject: [PATCH] Only serve HTML on specific index.html requests Otherwise there is risk of an infinite loop through the iframe where the fallback keeps loading the root HTML which itself has an iframe... --- src/node/app/server.tsx | 4 ++++ src/node/vscode/server.ts | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/src/node/app/server.tsx b/src/node/app/server.tsx index a2e550335..b14876e67 100644 --- a/src/node/app/server.tsx +++ b/src/node/app/server.tsx @@ -3,6 +3,7 @@ import * as http from "http" import * as React from "react" import * as ReactDOMServer from "react-dom/server" import App from "../../browser/app" +import { HttpCode, HttpError } from "../../common/http" import { Options } from "../../common/util" import { HttpProvider, HttpResponse, Route } from "../http" @@ -21,6 +22,9 @@ export class MainHttpProvider extends HttpProvider { } case "/": { + if (route.requestPath !== "/index.html") { + throw new HttpError("Not found", HttpCode.NotFound) + } const options: Options = { authed: !!this.authenticated(request), basePath: this.base(route), diff --git a/src/node/vscode/server.ts b/src/node/vscode/server.ts index 5193d5618..de984ab51 100644 --- a/src/node/vscode/server.ts +++ b/src/node/vscode/server.ts @@ -11,6 +11,7 @@ import { VscodeOptions, WorkbenchOptions, } from "../../../lib/vscode/src/vs/server/ipc" +import { HttpCode, HttpError } from "../../common/http" import { generateUuid } from "../../common/util" import { HttpProvider, HttpProviderOptions, HttpResponse, Route } from "../http" import { SettingsProvider } from "../settings" @@ -114,6 +115,9 @@ export class VscodeHttpProvider extends HttpProvider { this.ensureAuthenticated(request) switch (route.base) { case "/": + if (route.requestPath !== "/index.html") { + throw new HttpError("Not found", HttpCode.NotFound) + } try { return await this.getRoot(request, route) } catch (error) {