403 / Forbidden on favicon with NodeJS / Express

I'm currently testing LocomotiveJS and have a very simple "hello world" app up

I thought I'd set up the connect favicon middleware, but when I visit any route ('/' for example) I get the following in the console:

127.0.0.1 - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET / HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"
Error: Forbidden
    at SendStream.error (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:142:16)
    at SendStream.pipe (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/send/lib/send.js:307:52)
    at Object.static (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/static.js:78:8)
    at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at pass (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:219:24)
    at Router._dispatch (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:280:5)
    at Object.middleware [as handle] (/usr/local/lib/node_modules/locomotive/node_modules/express/lib/router/index.js:45:10)
    at next (/usr/local/lib/node_modules/locomotive/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at multipart (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/multipart.js:52:61)
    at module.exports (/Users/alex/Desktop/LocoTest/node_modules/express/node_modules/connect/lib/middleware/bodyParser.js:57:9)
127.0.0.1 - - [Tue, 17 Jul 2012 21:41:25 GMT] "GET /favicon.ico HTTP/1.1" 403 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"

Any idea what's causing this?

Answers


It looks like the send middleware is considering this request malicious because it's not the root and contains "..". I'm not sure why /favicon.ico would cause isMalicious to return true though. I'd suggest debugging into isMalicious and examining this._root and this.path. Could either be some bug in send or favicon middleware or perhaps your code isn't configuring them. Can't help with that unless you post some code.


What version of Express and Connect were pulled in as dependencies? I encountered a bug with express@3.0.0beta6, which I think has been fixed in beta7 (though I haven't confirmed that myself). I'm running on express@3.0.0beta4, which I know works, and you can revert to that by doing:

$ npm uninstall express
$ npm install express@3.0.0beta4

The master branch of Locomotive is using the Express 3.x betas, which have generally been pretty solid. I'm looking forward to that being stable, and pushing out new releases.


Need Your Help

jQuery, get all the values of all cloned input fields

jquery html clone

Need some help or pointers to achieve the following.

Extract variable policy not working

documentation apigee

I have configured my extract variable policy to the following