DON'T MERGE" #21
base: main
…nk-to-elpx-is-not-working
…able-version-refactor

Integrates user theme management changes (CSS/JS handling for ELPX-imported themes) with static mode refactoring (subdirectory deployment support).

Key changes merged:
- User theme CSS/JS inline loading for preview
- Static mode path handling for blob URL contexts
- ResourceFetcher user theme methods (setUserThemeFiles, getUserTheme, getUserThemeAsync)
- Static mode bundle URL generation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
… into release/3.1-embedable-version-refactor
… into release/3.1-embedable-version-refactor
…ub.com:exelearning/exelearning into release/3.1-static-version-2
…e/3.1-static-version-2
…e/3.1-static-version-2
…e/3.1-static-version-2
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 61cfd1fca5
| const safePath = path.normalize(pathname).replace(/^(\.\.[/\\])+/, ''); | ||
| const filePath = path.join(staticDir, safePath); | ||
|
|
||
| // Ensure file is within static directory | ||
| if (!filePath.startsWith(staticDir)) { |
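Review bot: the containment check on the last line, `filePath.startsWith(staticDir)`, is a plain string-prefix comparison, so it would also accept any path in a sibling directory whose name merely begins with the same characters as staticDir. Since the regex on the first line only strips `../` runs at the very start of the normalized string, this check is the real guard and should compare path components: either test against staticDir followed by the path separator (while still allowing staticDir itself), or compute path.relative(staticDir, filePath) and refuse results that are absolute or begin with `..`. A short comment stating which of the two lines is the security boundary would also help the next reader.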
Strip leading slash before joining static file paths
Because req.url always begins with /, safePath stays absolute (e.g., /index.html). path.join(staticDir, safePath) then ignores staticDir and produces /index.html, which fails the startsWith(staticDir) check and returns 403 for every request, including the initial / load. This makes the embedded server unable to serve any static file, so the Electron window will consistently load a 403/blank page. You need to remove the leading / (or use path.resolve with a relative path) before joining.
Useful? React with 👍 / 👎.
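One way to map a request URL onto a file under the static directory, with the leading slash removed and a containment check based on path components, is sketched below. This is an added example, not code from the pull request or the project; `resolveStaticPath`, the `index.html` default and the `/srv/app/static` root are hypothetical names chosen for illustration.

```javascript
// Added example (not the project's code). resolveStaticPath and the sample
// root /srv/app/static are hypothetical; the request URLs are constructed.
const path = require('node:path');

/**
 * Map a request URL to an absolute file path under staticDir.
 * Returns null when the request must be refused (caller answers 400/403).
 */
function resolveStaticPath(staticDir, requestUrl) {
  const root = path.resolve(staticDir);

  // Drop query string and fragment, then percent-decode exactly once.
  let pathname = requestUrl.split(/[?#]/, 1)[0];
  try {
    pathname = decodeURIComponent(pathname);
  } catch {
    return null; // malformed percent-encoding
  }
  if (pathname.includes('\0')) return null;

  // Treat backslashes as separators on every platform, then make the
  // path relative by removing all leading separators.
  const relative = pathname.replace(/\\/g, '/').replace(/^\/+/, '');

  // resolve() collapses "." and ".." segments against the root.
  const candidate = path.resolve(root, relative || 'index.html');

  // Containment is decided on path components, not on a string prefix.
  const rel = path.relative(root, candidate);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return candidate;
}

// Constructed sample requests: two that must be served, two refused.
const samples = [
  '/',
  '/css/../js/app.js?v=3',
  '/../static-other/secret.txt',
  '/%2e%2e/%2e%2e/etc/passwd',
];
for (const url of samples) {
  console.log(url, '->', resolveStaticPath('/srv/app/static', url));
}
```
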
…e/3.1-static-version-2
No description provided.