Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Stop serving static files from root directory

See original GitHub issue

Clear and concise description of the problem

Vite serves files under the root directory:

https://github.com/vitejs/vite/blob/1e9615d8614458947a81e0d4753fe61f3a277cb3/packages/vite/src/node/server/index.ts#L558

This has caused some collisions. E.g. a SvelteKit user recently reported that they cannot have a URL path of tests because the static serving will attempt to serve the tests directory (https://github.com/sveltejs/kit/issues/4353).

It’s also caused quite a bit of confusion with the publicDir because files end up being available via two URLs. E.g. if you have public/image.png you could access it from both image.png and /public/image.png which has caused a number of users to be confused in the past

Having the source in the root directory has caused us issues because the root directory is then watched by Chokidar. The output is placed in a sub-directory within the root directory and having the output file being watched caused problems that were extremely difficult to track down and diagnose. It would be nice if the source lived within a subdirectory (SvelteKit projects use the src directory)

Finally, this has caused a number of people to have security concerns. A lot of people have sensitive files like .env in their root project directory. I think we may be special casing .env now, but a number of people have also been surprised to find that their files are being served. We’ve attempted to mitigated this with server.fs.allow, but have not yet found that to be a suitable solution. It is currently broken for many SvelteKit projects - though it may be fixed after 2.9 is released (https://github.com/vitejs/vite/pull/6518). It’s also been quite complicated to configure correctly.

Alternative

No response

Additional context

@patak-dev and @aleclarson both indicated that they found the current behavior strange as well

Validations

Follow our Code of Conduct
Read the Contributing Guidelines.
Read the docs.
Check that there isn’t already an issue that request the same feature to avoid creating a duplicate.

Issue Analytics

State:
Created 2 years ago
Reactions:21
Comments:6 (4 by maintainers)

Top GitHub Comments

2reactions

7antracommented, Jun 30, 2022

Any news 😰 here ?

🙏

1reaction

sapphi-redcommented, May 31, 2022

Defaulting root to /src/ could be an option.

I wonder if absolute imports get much usage and must continue to be supported?

IMO the support for users could be removed. But it is used internally. That’s the reason I said it cannot be simply removed. One way to get around this is to add ?assets to internal ones in order to differentiate them.

Top Results From Across the Web

How to serve static files from root path '/' - Stack Overflow

The root argument specifies the root directory from which to serve static assets. For more information on the options argument, ...

Serving static files in Express

The root argument specifies the root directory from which to serve static assets. For more information on the options argument, see express.static.

Serving Static Content | NGINX Plus

Configure NGINX and NGINX Plus to serve static content, with type-specific root directories, checks for file existence, and performance optimizations.

Prevent Nginx from serving any files under root if no location ...

Don't define a root at the server level, define it only in a location block.

How to manage static files (e.g. images, JavaScript, CSS)

Set the STATIC_ROOT setting to the directory from which you'd like to serve these files, for example: STATIC_ROOT = "/var/www/example.com/static/" · Run the ......