serve-static icon indicating copy to clipboard operation
serve-static copied to clipboard
verified publisher icon nestjs

After updating static-asset to 3.x, excluded paths fallback to index.html ( instead of returning a 404 )

Open chabb opened this issue 2 years ago • 2 comments

Did you read the migration guide?

  • [X] I have read the whole migration guide

Is there an existing issue that is already proposing this?

  • [X] I have searched the existing issues

Potential Commit/PR that introduced the regression

No response

Versions

2.2.2 -> 3.0.1

Describe the regression

Excluded paths that were not found would return a 404. It now fallbacks to index.html

Minimum reproduction code

This test was successful on 2.x

  it('should return 404 for static assets (eg .js, .svg, ...,  which were not found', async () => {
    return request(app.getHttpServer()).get('/app-bad-name.js').expect(404);
  });

Here is the configuration we use :

 imports: [
            ServeStaticModule.forRoot({
          // note: this isn't trying to be an exhaustive list of possible assets
          // we just want to handle the most common ones
          exclude: ['/*.(js|css|eot|ttf|woff|gif|ico|png|svg|jpg)'],
          rootPath,
          serveStaticOptions: {
            maxAge: MAX_AGE_7_DAYS,
            setHeaders: (res, path) => {
              if (path.endsWith('index.html')) {
                 // use .setHeader 
              }
            }
          }

The application fall backs to index.html when a stati

Expected behavior

Excluded path should return a 404

Other

I see that you use path-to-regexp 0.3.5 in your package... it's a bit weird because on our side, when i was building against next@8, I ended up with path-to-regexp 3.x, and when I was building against next@9, I endep up with path-to-regexp 6.x. So something might be wrong on my side too

chabb avatar May 28 '23 14:05 chabb

The root cause is the change of behavior of this method. It does not work anymore ( the regex returned by pathToRegexp has slightly changed ) https://github.com/nestjs/serve-static/blob/master/lib/utils/is-route-excluded.util.ts

chabb avatar May 29 '23 11:05 chabb

Ok, after a few investigations, I think I've found the root cause serve-static is now using [email protected]. Before it was using the 0.1.7 version. The generated regex are not the same. I think something needs to be changed when we call path-to-regex

I had to make the following changes in my app:

exclude: ['/*.(js|css|eot|ttf|woff|gif|ico|png|svg|jpg)'], (failing )

exclude: ['/(.*).(js|css|eot|ttf|woff|gif|ico|png|svg|jpg)']( passing)

It seems you cannot really pass anymore a path like *.png which is a bit misleading for consumers

chabb avatar May 30 '23 13:05 chabb