support (and ignore) query strings in URLs

master
Alan Faubert 6 months ago
parent e2c28c2792
commit acbd8992a8
  1. 3
      sfs.js

@ -47,11 +47,12 @@ const is_allowed = path => allowed_paths.length === 0 || (path = normalize_path(
http
.createServer(async (req, res) => {
const path = '.' + decodeURIComponent(req.url);
if (req.method !== 'GET' && req.method !== 'HEAD') {
send_error(res, 405, 'Method Not Allowed');
return;
}
const p = req.url.indexOf('?');
const path = '.' + decodeURIComponent(p > -1 ? req.url.slice(0, p) : req.url);
if (!path.startsWith('./') || path.includes('/..') || path.includes('\\')) {
send_error(res, 403, 'Forbidden');
return;

Loading…
Cancel
Save