403 / Forbidden on favicon with NodeJS / Express

综合技术 2018-05-23 阅读原文

I'm currently testing LocomotiveJS
and have a very simple "hello world" app up

I thought I'd set up the connect favicon middleware, but when I visit any route ('/' for example) I get the following in the console:

127.0.0.1 - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET / HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"
Error: Forbidden
    at SendStream.error (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:142:16)
    at SendStream.pipe (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:307:52)
    at Object.static (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/static.js:78:8)
    at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at pass (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:219:24)
    at Router._dispatch (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:280:5)
    at Object.middleware [as handle] (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:45:10)
    at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at multipart (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/multipart.js:52:61)
    at module.exports (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:57:9)
127.0.0.1 - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET /favicon.ico HTTP/1.1" 403 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"

Any idea what's causing this?

Problem courtesy of: Alex

Solution

It looks like the send middleware is considering this request malicious
because it's not the root and contains "..". I'm not sure why /favicon.ico
would cause isMalicious to return true
though. I'd suggest debugging into isMalicious
and examining this._root
and this.path
. Could either be some bug in send
or favicon
middleware or perhaps your code isn't configuring them. Can't help with that unless you post some code.

Solution courtesy of: Peter Lyons

Discussion

What version of Express and Connect were pulled in as dependencies? I encountered a bug with express@3.0.0beta6, which I think has been fixed in beta7 (though I haven't confirmed that myself). I'm running on express@3.0.0beta4, which I know works, and you can revert to that by doing:

$ npm uninstall express
$ npm install express@3.0.0beta4

The master branch of Locomotive is using the Express 3.x betas, which have generally been pretty solid. I'm looking forward to that being stable, and pushing out new releases.

Discussion courtesy of: Jared Hanson

This recipe can be found in it's original form on Stack Over Flow
.

Node.js Recipes

责编内容by:Node.js Recipes阅读原文】。感谢您的支持!

您可能感兴趣的

渐进式Express源码学习2-道士下山 这篇文章我们在第一篇文章的基础上,实现一个稍微加强版的Express,功能包括 自定义处理用户的请求 区分请求方法,对不同请求方法由不同的函数...
Node.js & amp; Express ... Been working on this for most of the night - and morning... I have a large form ...
Express not finding/using layout I am trying to use express and render a layout.jade my directory tree is...
Express JS vs pure Node.js – performance ben... I have a question - does anyone has any benchmark data re. using Express JS fra...
express-subdomain-handler in railway tell me subdo... ok i got this problem. i have this routes: (code bit change) File:/home/dotcloud...