Express res.sendfile throwing forbidden error
I believe it's because of the relative path; the "../" is considered malicious. Resolve the local path first, then call res.sendfile
. You can resolve the path with path.resolve
beforehand.
var path = require('path');
res.sendFile(path.resolve('temp/index.html'));
The Express documentation suggests doing it a different way, and in my opinion it makes more sense later than the current solution.
res.sendFile('index.html', {root: './temp'});
The root option seems to set ./
as the root directory of your project. So I cannot fully tell where you file is in relation to the project root, but if your temp folder is there, you can set ./temp
as the root for the file you're sending.
Also, you can use path.join
const path = require("path");
router.get("/", (req, res) => {
let indexPath = path.join(__dirname, "../public/index.html");
res.sendFile(indexPath);
});
This answer gathers together the info from the other answers/comments.
It depends whether you want to include something relative to the process working directory (cwd) or the file directory. Both use the path.resolve
function (put var path = require('path')
at the top of the file.
- relative to cwd:
path.resolve('../../some/path/to/file.txt');
- relative to file:
path.resolve(__dirname+'../../some/path/to/file.txt');
From reading the link from @Joe's comment, it sounds like relative paths are a security risk if you accept user input for the path (e.g. sendfile('../.ssh/id_rsa')
might be a hacker's first try).