From 24c3e7f499efd8b1429cfe789c7e6a3631357045 Mon Sep 17 00:00:00 2001 From: Mustaque Ahmed Date: Wed, 16 Aug 2023 07:38:21 +0530 Subject: [PATCH] Fix `Single Page Application` example in `README.md` file (#678) Fixes #588 **Summary of Changes** 1. Add test case to validate proposed fix (both negative and positive test case). 2. Update `README.md` file. PS: If you want to verify how I'm able to reproduce the issue and tried my fix. Here is a link of my local PR where I have configured `Github Action` to execute same test cases on all the platforms i.e. `ubuntu`, `macos` and `windows`. PR link: https://github.com/amustaque97/mux/pull/1 > PS: Make sure your PR includes/updates tests! If you need help with this part, just ask! --------- Co-authored-by: Corey Daley --- README.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 4553c1fe..f3cdc9c4 100644 --- a/README.md +++ b/README.md @@ -247,20 +247,11 @@ type spaHandler struct { // file located at the index path on the SPA handler will be served. This // is suitable behavior for serving an SPA (single page application). func (h spaHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - // get the absolute path to prevent directory traversal - path, err := filepath.Abs(r.URL.Path) - if err != nil { - // if we failed to get the absolute path respond with a 400 bad request - // and stop - http.Error(w, err.Error(), http.StatusBadRequest) - return - } - - // prepend the path with the path to the static directory - path = filepath.Join(h.staticPath, path) + // Join internally call path.Clean to prevent directory traversal + path := filepath.Join(h.staticPath, path) // check whether a file exists at the given path - _, err = os.Stat(path) + _, err := os.Stat(path) if os.IsNotExist(err) { // file does not exist, serve index.html http.ServeFile(w, r, filepath.Join(h.staticPath, h.indexPath))