WARNING! DON'T MERGE #19
Conversation
…nk-to-elpx-is-not-working
…able-version-refactor Integrates user theme management changes (CSS/JS handling for ELPX-imported themes) with static mode refactoring (subdirectory deployment support). Key changes merged: - User theme CSS/JS inline loading for preview - Static mode path handling for blob URL contexts - ResourceFetcher user theme methods (setUserThemeFiles, getUserTheme, getUserThemeAsync) - Static mode bundle URL generation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
… into release/3.1-embedable-version-refactor
… into release/3.1-embedable-version-refactor
Resolved conflicts: - public/app/app.js: Combined DataProvider/adapters init with registerPreviewServiceWorker - test/e2e/playwright/specs/preview-page-updates.spec.ts: Combined imports - Deleted WebsitePreviewExporter.ts/.spec.ts (replaced by Service Worker approach)
…e/3.1-static-version
…e/3.1-static-version
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c522d20c44
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const safePath = path.normalize(pathname).replace(/^(\.\.[/\\])+/, ''); | ||
| const filePath = path.join(staticDir, safePath); | ||
|
|
||
| // Ensure file is within static directory | ||
| if (!filePath.startsWith(staticDir)) { |
There was a problem hiding this comment.
The static server normalizes pathname but keeps the leading /, so path.join(staticDir, safePath) discards staticDir and yields an абсолют path like /index.html. That makes filePath.startsWith(staticDir) fail for every normal browser request (/, /index.html, /assets/...), returning 403 and preventing the Electron window from loading any static content. This breaks all static-mode launches that hit http://127.0.0.1:${STATIC_PORT}/.
Useful? React with 👍 / 👎.
No description provided.