Svelte Leftovers

Reproduction of a curious security risk (from server-side standpoint)

Svelte secret paths leftovers

pnpm i
pnpm run dev # confirm that /secret1 and /secret2 are accessible
rm -rf build .svelte-kit
pnpm run build
node build # confirm that /secret1 and /secret2 are not accessible
rg "FOR YOUR EYES ONLY" --files-with-matches build/client
build/client/_app/immutable/nodes/6.DwWcBpQj.js
build/client/_app/immutable/nodes/5.CeDFqYZm.js

As long as these node ids are predictable, this is a security risk, no?
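
One way to catch this leftover before deploying, shown as an added example that is not part of the original repository: a post-build check that fails when a marker string from a server-only page appears anywhere in the client bundle. The function name `scan_client_bundle` and the use of marker strings as a sentinel are assumptions of this example; the `build/client` path and the "FOR YOUR EYES ONLY" marker come from the reproduction above.

```shell
#!/bin/sh
# Added example: post-build guard against secret route content leaking into
# the client bundle. scan_client_bundle is a hypothetical helper name.

# scan_client_bundle DIR MARKER...
# Prints "file<TAB>marker" for every file under DIR that contains a marker.
# Returns 0 when the bundle is clean, 1 when a marker leaked, 2 on bad usage.
scan_client_bundle() {
  if [ "$#" -lt 2 ] || [ ! -d "$1" ]; then
    echo "usage: scan_client_bundle DIR MARKER..." >&2
    return 2
  fi
  scb_dir=$1
  shift
  scb_hits=$(
    for scb_marker in "$@"; do
      # -r recurse, -l file names only, -F fixed string (marker is not a regex)
      grep -rlF -- "$scb_marker" "$scb_dir" 2>/dev/null |
        while IFS= read -r scb_file; do
          printf '%s\t%s\n' "$scb_file" "$scb_marker"
        done
    done
  )
  [ -z "$scb_hits" ] && return 0
  printf '%s\n' "$scb_hits"
  return 1
}

# Stand-alone use after `pnpm run build`, e.g. as a CI step:
#   sh check-leftovers.sh build/client "FOR YOUR EYES ONLY"
# A non-zero exit status fails the pipeline and the output names each chunk.
if [ "$#" -ge 2 ]; then
  scan_client_bundle "$@"
  exit "$?"
fi
```

The check only sees what the markers cover, so every page meant to stay off the client needs a marker string of its own in its content.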
