I'm currently testing LocomotiveJS
and have a very simple "hello world" app up
I thought I'd set up the connect favicon middleware, but when I visit any route ('/' for example) I get the following in the console:
127.0.0.1 - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET / HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11" Error: Forbidden at SendStream.error (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:142:16) at SendStream.pipe (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:307:52) at Object.static (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/static.js:78:8) at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15) at pass (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:219:24) at Router._dispatch (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:280:5) at Object.middleware [as handle] (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:45:10) at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15) at multipart (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/multipart.js:52:61) at module.exports (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:57:9) 127.0.0.1 - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET /favicon.ico HTTP/1.1" 403 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"
Any idea what's causing this?
Problem courtesy of: Alex
It looks like the send middleware is considering this request malicious
because it's not the root and contains "..". I'm not sure why
would cause isMalicious to return
though. I'd suggest debugging into
. Could either be some bug in
middleware or perhaps your code isn't configuring them. Can't help with that unless you post some code.
Solution courtesy of: Peter Lyons
What version of Express and Connect were pulled in as dependencies? I encountered a bug with firstname.lastname@example.org, which I think has been fixed in beta7 (though I haven't confirmed that myself). I'm running on email@example.com, which I know works, and you can revert to that by doing:
$ npm uninstall express $ npm install firstname.lastname@example.org
The master branch of Locomotive is using the Express 3.x betas, which have generally been pretty solid. I'm looking forward to that being stable, and pushing out new releases.
Discussion courtesy of: Jared Hanson
This recipe can be found in it's original form on Stack Over Flow