Added extra check so that only HTML files are handled with care

megoth · megoth · commit f71e582d8528 · 2019-01-30T00:32:30.000+01:00
The hack will only work when it's a HTML file that is returned as the representation for the root resource
diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js
@@ -57,10 +57,13 @@ function allow (mode, checkPermissionsForDirectory) {
       // This is a hack to make NSS check the ACL for representation that is served for root (if any)
       // See https://github.com/solid/node-solid-server/issues/1063 for more info
       const representationUrl = await ldp.resourceMapper.getRepresentationUrlForResource(resourceUrl)
-      req.acl = ACL.createFromLDPAndRequest(representationUrl, ldp, req)
-      const representationIsAllowed = await req.acl.can(userId, mode)
-      if (representationIsAllowed) {
-        return next()
+      if (representationUrl.endsWith('index.html')) {
+        // We ONLY want to do this when the representation we return is a HTML file
+        req.acl = ACL.createFromLDPAndRequest(representationUrl, ldp, req)
+        const representationIsAllowed = await req.acl.can(userId, mode)
+        if (representationIsAllowed) {
+          return next()
+        }
       }
     }
     const error = await req.acl.getError(userId, mode)
