403 / Forbidden on favicon with NodeJS / Express

综合技术 2018-05-23

I'm currently testing LocomotiveJS
and have a very simple "hello world" app up

I thought I'd set up the connect favicon middleware, but when I visit any route ('/' for example) I get the following in the console: - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET / HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"
Error: Forbidden
    at SendStream.error (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:142:16)
    at SendStream.pipe (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:307:52)
    at Object.static (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/static.js:78:8)
    at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at pass (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:219:24)
    at Router._dispatch (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:280:5)
    at Object.middleware [as handle] (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:45:10)
    at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at multipart (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/multipart.js:52:61)
    at module.exports (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:57:9) - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET /favicon.ico HTTP/1.1" 403 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"

Any idea what's causing this?

Problem courtesy of: Alex


It looks like the send middleware is considering this request malicious
because it's not the root and contains "..". I'm not sure why /favicon.ico
would cause isMalicious to return true
though. I'd suggest debugging into isMalicious
and examining this._root
and this.path
. Could either be some bug in send
or favicon
middleware or perhaps your code isn't configuring them. Can't help with that unless you post some code.

Solution courtesy of: Peter Lyons


What version of Express and Connect were pulled in as dependencies? I encountered a bug with express@3.0.0beta6, which I think has been fixed in beta7 (though I haven't confirmed that myself). I'm running on express@3.0.0beta4, which I know works, and you can revert to that by doing:

$ npm uninstall express
$ npm install express@3.0.0beta4

The master branch of Locomotive is using the Express 3.x betas, which have generally been pretty solid. I'm looking forward to that being stable, and pushing out new releases.

Discussion courtesy of: Jared Hanson

This recipe can be found in it's original form on Stack Over Flow


Vue-cli + express 构建的SPA Blog(采用前后端分离方案)... 1.发展趋势 最近这几年的前端圈子,由于戏台一般精彩纷呈,从 MVC 到 MVVM,你刚唱罢我登场。 backbone,AngularJS 已成昨日黄花,reactjs 如日中天,同时另一更轻量的 vue 发展势头更猛,号称兼具了 angularjs 和 reactjs 的两者优点。 2.V...
Node.js Express haml not rendering correctly My repo for this problem is at: https://github.com/okor/express_bad_haml The problem is that I can get the app to render the layout co...
NodeJS/Express Workflow with CoffeeScript & St... I have decided to use ExpressJS with CoffeeScript and Stylus. Usually when I work with CoffeeScript, I do a coffee --watch and something...
Grabbing existing session on page reload with expr... Using connect, express, and socket.io, I'm trying to allow my application to grab the session details when reconnecting. My sessions obviously work wh...
Passing a value to a Node js module for Express ro... I want to pass the environment for Express to a routing module for Express. I want to key off of whether Express is running in development or producti...