忽略nginx中URL中的句点或点号。

huangapple go评论71阅读模式
英文:

Ignore dots or periods in URLs with nginx

问题

I'm using Vite in development mode using Docker at my local machine (Windows 10). Local custom domain won't load because the required script can't be loaded.

/node_modules/.vite/deps/vue.js?v=803526f2

It returns 403 Forbidden error.

In console, it says:

/node_modules/.vite/deps/vue.js?v=803526f2" module was blocked because of a disallowed MIME type ("text/html")


I found out that my nginx has this:

location ~ /\.(?!well-known) {
    deny all;
}

It causes to block the URL because it contains period e.g /.vite/.
I tried deleting the nginx code and it works. However, it's not good in terms of security.
Any better ideas? I'm looking for nginx rule code that will allow /.vite/ to pass so it will not be blocked.

英文:

I'm using Vite in development mode using Docker at my local machine (Windows 10). Local custom domain won't load because the required script can't be loaded.

/node_modules/.vite/deps/vue.js?v=803526f2

It returns 403 Forbidden error.

In console, it says:

/node_modules/.vite/deps/vue.js?v=803526f2" module was blocked because of a disallowed MIME type ("text/html")


I found out that my nginx has this:

location ~ /\.(?!well-known) {
    deny all;
}

It causes to block the URL because it contains period e.g /.vite/.
I tried deleting the nginx code and it works. However, it's not good in terms of security.
Any better ideas? I'm looking for nginx rule code that will allow /.vite/ to pass so it will not be blocked.

答案1

得分: 1

Change the regex to ignore .vite too, like it already ignores .well-known:

location ~ /\.(?!well-known|vite)

But since this is a local dev server, you probably won't need this rule in the first place, because there is no security issue within your local machine anyway (and if you'd want to test an environment similar to production, then you wouldn't use a dev server either, and then the rule wouldn't be an issue).

英文:

Change the regex to ignore .vite too, like it already ignores .well-known:

location ~ /\.(?!well-known|vite)

But since this is a local dev server, you probably won't need this rule in the first place, because there is no security issue within your local machine anyway (and if you'd want to test an environment similar to production, then you wouldn't use a dev server either, and then the rule wouldn't be an issue).

huangapple
  • 本文由 发表于 2023年3月23日 11:35:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/75819046.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定