mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

feat: add new fuse to treat file: identically to browsers (#40372)

Browse source
This commit is contained in:
Samuel Attard 2023-11-09 10:23:52 -08:00 committed by GitHub
parent 0f68d845f9
commit d504d150ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 63 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

16
docs/api/protocol.md
View file

@ -122,7 +122,7 @@ Example:
```js
const { app, net, protocol } = require('electron')
const { join } = require('node:path')
const path = require('node:path')
const { pathToFileURL } = require('url')
protocol.registerSchemesAsPrivileged([
@ -145,9 +145,19 @@ app.whenReady().then(() => {
headers: { 'content-type': 'text/html' }
})
}
// NB, this does not check for paths that escape the bundle, e.g.
// NB, this checks for paths that escape the bundle, e.g.
// app://bundle/../../secret_file.txt
return net.fetch(pathToFileURL(join(__dirname, pathname)).toString())
const pathToServe = path.resolve(__dirname, pathname)
const relativePath = path.relative(__dirname, pathToServe)
const isSafe = relativePath && !relativePath.startsWith('..') && !path.isAbsolute(relativePath)
if (!isSafe) {
return new Response('bad', {
status: 400,
headers: { 'content-type': 'text/html' }
})
}
return net.fetch(pathToFileURL(pathToServe).toString())
} else if (host === 'api') {
return net.fetch('https://api.my-server.com/' + pathname, {
method: req.method,