WEB-21594 Web preview opens a 404 Not Found document
authorVladimir Krivosheev <vladimir.krivosheev@jetbrains.com>
Fri, 13 May 2016 16:14:49 +0000 (18:14 +0200)
committerVladimir Krivosheev <vladimir.krivosheev@jetbrains.com>
Fri, 13 May 2016 16:14:49 +0000 (18:14 +0200)
platform/built-in-server/src/org/jetbrains/builtInWebServer/DefaultWebServerPathHandler.kt
platform/built-in-server/src/org/jetbrains/builtInWebServer/StaticFileHandler.kt
platform/built-in-server/testSrc/BuiltInServerTestCase.kt
platform/built-in-server/testSrc/BuiltInWebServerTest.kt

index 2876c923e9bd9f2e5c0eda5309006d7b71f846bc..f3b93dceabb6b1eab63a1b30efbf94b103ee6a48 100644 (file)
@@ -139,7 +139,8 @@ private fun checkAccess(pathInfo: PathInfo, channel: Channel, request: HttpReque
       HttpResponseStatus.FORBIDDEN.orInSafeMode(HttpResponseStatus.NOT_FOUND).send(channel, request)
       return false
     }
-    else if (!checkAccess(file, Paths.get(pathInfo.root.path))) {
+    else if (!hasAccess(file)) {
+      // we check only file, but all directories in the path because of https://youtrack.jetbrains.com/issue/WEB-21594
       HttpResponseStatus.FORBIDDEN.orInSafeMode(HttpResponseStatus.NOT_FOUND).send(channel, request)
       return false
     }
index 457e39c19f5b079a9350ef2a71bebc0df86755be..b8325a0a26ac219d2f3e926aec5a7e42d18f339a 100644 (file)
@@ -105,4 +105,4 @@ internal fun checkAccess(file: Path, root: Path = file.root): Boolean {
 }
 
 // deny access to any dot prefixed file
-private fun hasAccess(result: Path) = Files.isReadable(result) && !(Files.isHidden(result) || result.fileName.toString().startsWith('.'))
\ No newline at end of file
+internal fun hasAccess(result: Path) = Files.isReadable(result) && !(Files.isHidden(result) || result.fileName.toString().startsWith('.'))
\ No newline at end of file
index b30634beb5a42b067040beb0848e1a1bb1b2b1e1..1e84816f18014745fc1ac3017030cae642802e4f 100644 (file)
@@ -55,6 +55,7 @@ internal abstract class BuiltInServerTestCase {
 
 internal fun testUrl(url: String, expectedStatus: HttpResponseStatus): HttpURLConnection {
   val connection = URL(url).openConnection() as HttpURLConnection
+  BuiltInServerManager.getInstance().configureRequestToWebServer(connection)
   assertThat(HttpResponseStatus.valueOf(connection.responseCode)).isEqualTo(expectedStatus)
   return connection
 }
\ No newline at end of file
index d457fac331be20e1cbd19504360ba89ada04cb1a..7ec80123d0de3d66025a0a26a0108cc8d987a7a1 100644 (file)
@@ -93,7 +93,7 @@ internal class HeavyBuiltInWebServerTest {
   }
 
   @Test
-  fun `hidden dir`() {
+  fun `file in hidden folder`() {
     val projectDir = tempDirManager.newPath().resolve("foo/bar")
     val projectDirPath = projectDir.systemIndependentPath
     createHeavyProject("$projectDirPath/test.ipr").use { project ->
@@ -101,15 +101,15 @@ internal class HeavyBuiltInWebServerTest {
       LocalFileSystem.getInstance().refreshAndFindFileByPath(projectDirPath)
       createModule(projectDirPath, project)
 
-      val dir = projectDir.resolve(".doNotExposeMe")
+      val dir = projectDir.resolve(".coverage")
       if (SystemInfo.isWindows) {
         Files.setAttribute(dir, "dos:hidden", true)
       }
 
-      val path = dir.resolve("foo").write("doNotExposeMe").systemIndependentPath
+      val path = dir.resolve("foo").write("exposeMe").systemIndependentPath
       val relativePath = FileUtil.getRelativePath(project.basePath!!, path, '/')
       val webPath = StringUtil.replace(UrlEscapers.urlPathSegmentEscaper().escape("${project.name}/$relativePath"), "%2F", "/")
-      testUrl("http://localhost:${BuiltInServerManager.getInstance().port}/$webPath", HttpResponseStatus.FORBIDDEN)
+      testUrl("http://localhost:${BuiltInServerManager.getInstance().port}/$webPath", HttpResponseStatus.OK)
     }
   }
 }
\ No newline at end of file