@@ -119,12 +119,15 @@ export function serveStaticMiddleware(
119
119
if (
120
120
cleanedUrl [ cleanedUrl . length - 1 ] === '/' ||
121
121
path . extname ( cleanedUrl ) === '.html' ||
122
- isInternalRequest ( req . url ! )
122
+ isInternalRequest ( req . url ! ) ||
123
+ // skip url starting with // as these will be interpreted as
124
+ // scheme relative URLs by new URL() and will not be a valid file path
125
+ req . url ?. startsWith ( '//' )
123
126
) {
124
127
return next ( )
125
128
}
126
129
127
- const url = new URL ( req . url ! . replace ( / ^ \/ { 2 , } / , '/' ) , 'http://example.com' )
130
+ const url = new URL ( req . url ! , 'http://example.com' )
128
131
const pathname = decodeURI ( url . pathname )
129
132
130
133
// apply aliases to static requests as well
@@ -177,12 +180,12 @@ export function serveRawFsMiddleware(
177
180
178
181
// Keep the named function. The name is visible in debug logs via `DEBUG=connect:dispatcher ...`
179
182
return function viteServeRawFsMiddleware ( req , res , next ) {
180
- const url = new URL ( req . url ! . replace ( / ^ \/ { 2 , } / , '/' ) , 'http://example.com' )
181
183
// In some cases (e.g. linked monorepos) files outside of root will
182
184
// reference assets that are also out of served root. In such cases
183
185
// the paths are rewritten to `/@fs/` prefixed paths and must be served by
184
186
// searching based from fs root.
185
- if ( url . pathname . startsWith ( FS_PREFIX ) ) {
187
+ if ( req . url ! . startsWith ( FS_PREFIX ) ) {
188
+ const url = new URL ( req . url ! , 'http://example.com' )
186
189
const pathname = decodeURI ( url . pathname )
187
190
// restrict files outside of `fs.allow`
188
191
if (
0 commit comments