vite 7.3.1 → 7.3.2

package/dist/node/chunks/config.js

@@ -22552,7 +22552,7 @@ const ERR_DENIED_ID = "ERR_DENIED_ID";
 const debugLoad = createDebugger("vite:load");
 const debugTransform = createDebugger("vite:transform");
 const debugCache$1 = createDebugger("vite:cache");
-function transformRequest(environment, url$3, options$1 = {}) {
+function transformRequest(environment, url$3, options$1) {
 	if (environment._closing && environment.config.dev.recoverable) throwClosedServerError();
 	const timestamp = monotonicDateNow();
 	url$3 = removeTimestampQuery(url$3);
@@ -22616,7 +22616,7 @@ async function loadAndTransform(environment, id, url$3, options$1, timestamp, mo
 	const { config: config$2, pluginContainer, logger } = environment;
 	const prettyUrl = debugLoad || debugTransform ? prettifyUrl(url$3, config$2.root) : "";
 	const moduleGraph = environment.moduleGraph;
-	if (options$1.allowId && !options$1.allowId(id)) {
+	if (!options$1.skipFsCheck && id[0] !== "\0" && isServerAccessDeniedForTransform(config$2, id)) {
 		const err$2 = /* @__PURE__ */ new Error(`Denied ID ${id}`);
 		err$2.code = ERR_DENIED_ID;
 		err$2.id = id;
@@ -22628,7 +22628,7 @@ async function loadAndTransform(environment, id, url$3, options$1, timestamp, mo
 	const loadResult = await pluginContainer.load(id);
 	if (loadResult == null) {
 		const file = cleanUrl(id);
-		if (environment.config.consumer === "server" || isFileLoadingAllowed(environment.getTopLevelConfig(), slash(file))) {
+		if (options$1.skipFsCheck || isFileLoadingAllowed(environment.getTopLevelConfig(), slash(file))) {
 			try {
 				code = await fsp.readFile(file, "utf-8");
 				debugLoad?.(`${timeFrom(loadStart)} [fs] ${prettyUrl}`);
@@ -24454,7 +24454,7 @@ const rawRE$1 = /[?&]raw\b/;
 const inlineRE$2 = /[?&]inline\b/;
 const svgRE = /\.svg\b/;
 function isServerAccessDeniedForTransform(config$2, id) {
-	if (rawRE$1.test(id) || urlRE$1.test(id) || inlineRE$2.test(id) || svgRE.test(id)) return checkLoadingAccess(config$2, id) !== "allowed";
+	if (rawRE$1.test(id) || urlRE$1.test(id) || inlineRE$2.test(id) || svgRE.test(id)) return checkLoadingAccess(config$2, cleanUrl(id)) !== "allowed" || checkLoadingAccess(config$2, id) !== "allowed";
 	return false;
 }
 /**
@@ -24500,31 +24500,35 @@ function transformMiddleware(server) {
 		}
 		const withoutQuery = cleanUrl(url$3);
 		try {
-			if (withoutQuery.endsWith(".map")) if (environment.depsOptimizer?.isOptimizedDepUrl(url$3)) {
-				const sourcemapPath = url$3.startsWith(FS_PREFIX) ? fsPathFromId(url$3) : normalizePath(path.resolve(server.config.root, url$3.slice(1)));
-				try {
-					const map$1 = JSON.parse(await fsp.readFile(sourcemapPath, "utf-8"));
-					applySourcemapIgnoreList(map$1, sourcemapPath, server.config.server.sourcemapIgnoreList, server.config.logger);
-					return send(req$4, res, JSON.stringify(map$1), "json", { headers: server.config.server.headers });
-				} catch {
-					const dummySourceMap = {
-						version: 3,
-						file: sourcemapPath.replace(/\.map$/, ""),
-						sources: [],
-						sourcesContent: [],
-						names: [],
-						mappings: ";;;;;;;;;"
-					};
-					return send(req$4, res, JSON.stringify(dummySourceMap), "json", {
-						cacheControl: "no-cache",
-						headers: server.config.server.headers
-					});
+			if (withoutQuery.endsWith(".map")) {
+				const depsOptimizer = environment.depsOptimizer;
+				if (depsOptimizer?.isOptimizedDepUrl(url$3)) {
+					const sourcemapPath = url$3.startsWith(FS_PREFIX) ? fsPathFromId(url$3) : normalizePath(path.resolve(server.config.root, url$3.slice(1)));
+					if (!depsOptimizer.isOptimizedDepFile(sourcemapPath)) return next();
+					try {
+						const map$1 = JSON.parse(await fsp.readFile(sourcemapPath, "utf-8"));
+						applySourcemapIgnoreList(map$1, sourcemapPath, server.config.server.sourcemapIgnoreList, server.config.logger);
+						return send(req$4, res, JSON.stringify(map$1), "json", { headers: server.config.server.headers });
+					} catch {
+						const dummySourceMap = {
+							version: 3,
+							file: sourcemapPath.replace(/\.map$/, ""),
+							sources: [],
+							sourcesContent: [],
+							names: [],
+							mappings: ";;;;;;;;;"
+						};
+						return send(req$4, res, JSON.stringify(dummySourceMap), "json", {
+							cacheControl: "no-cache",
+							headers: server.config.server.headers
+						});
+					}
+				} else {
+					const originalUrl = url$3.replace(/\.map($|\?)/, "$1");
+					const map$1 = (await environment.moduleGraph.getModuleByUrl(originalUrl))?.transformResult?.map;
+					if (map$1) return send(req$4, res, JSON.stringify(map$1), "json", { headers: server.config.server.headers });
+					else return next();
 				}
-			} else {
-				const originalUrl = url$3.replace(/\.map($|\?)/, "$1");
-				const map$1 = (await environment.moduleGraph.getModuleByUrl(originalUrl))?.transformResult?.map;
-				if (map$1) return send(req$4, res, JSON.stringify(map$1), "json", { headers: server.config.server.headers });
-				else return next();
 			}
 			if (publicDirInRoot && url$3.startsWith(publicPath)) warnAboutExplicitPublicPathInUrl(url$3);
 			if (req$4.headers["sec-fetch-dest"] === "script" || isJSRequest(url$3) || isImportRequest(url$3) || isCSSRequest(url$3) || isHTMLProxy(url$3)) {
@@ -24539,9 +24543,7 @@ function transformMiddleware(server) {
 						return res.end();
 					}
 				}
-				const result = await environment.transformRequest(url$3, { allowId(id) {
-					return id[0] === "\0" || !isServerAccessDeniedForTransform(server.config, id);
-				} });
+				const result = await environment.transformRequest(url$3);
 				if (result) {
 					const depsOptimizer = environment.depsOptimizer;
 					const type = isDirectCSSRequest(url$3) ? "css" : "js";
@@ -24591,7 +24593,8 @@ function transformMiddleware(server) {
 			if (e$1?.code === ERR_LOAD_URL) return next();
 			if (e$1?.code === ERR_DENIED_ID) {
 				const id = e$1.id;
-				const servingAccessResult = checkLoadingAccess(server.config, id);
+				let servingAccessResult = checkLoadingAccess(server.config, cleanUrl(id));
+				if (servingAccessResult === "allowed") servingAccessResult = checkLoadingAccess(server.config, id);
 				if (servingAccessResult === "denied") {
 					respondWithAccessDenied(id, server, res);
 					return true;
@@ -26326,6 +26329,7 @@ function createServerHotChannel() {
 	const innerEmitter = new EventEmitter();
 	const outsideEmitter = new EventEmitter();
 	return {
+		skipFsCheck: true,
 		send(payload) {
 			outsideEmitter.emit("send", payload);
 		},
@@ -34741,6 +34745,10 @@ var DevEnvironment = class extends BaseEnvironment {
 	* @internal
 	*/
 	_remoteRunnerOptions;
+	/**
+	* @internal
+	*/
+	_skipFsCheck;
 	get pluginContainer() {
 		if (!this._pluginContainer) throw new Error(`${this.name} environment.pluginContainer called before initialized`);
 		return this._pluginContainer;
@@ -34778,9 +34786,11 @@ var DevEnvironment = class extends BaseEnvironment {
 		this.moduleGraph = new EnvironmentModuleGraph(name, (url$3) => this.pluginContainer.resolveId(url$3, void 0));
 		this._crawlEndFinder = setupOnCrawlEnd();
 		this._remoteRunnerOptions = context.remoteRunner ?? {};
+		this._skipFsCheck = !!(context.transport && !(isWebSocketServer in context.transport) && context.transport.skipFsCheck);
 		this.hot = context.transport ? isWebSocketServer in context.transport ? context.transport : normalizeHotChannel(context.transport, context.hot) : normalizeHotChannel({}, context.hot);
 		this.hot.setInvokeHandler({
 			fetchModule: (id, importer, options$2) => {
+				if (context.disableFetchModule) throw new Error("fetchModule is disabled in this environment");
 				return this.fetchModule(id, importer, options$2);
 			},
 			getBuiltins: async () => {
@@ -34831,12 +34841,12 @@ var DevEnvironment = class extends BaseEnvironment {
 	async reloadModule(module$1) {
 		if (this.config.server.hmr !== false && module$1.file) updateModules(this, module$1.file, [module$1], monotonicDateNow());
 	}
-	transformRequest(url$3, options$1) {
-		return transformRequest(this, url$3, options$1);
+	transformRequest(url$3) {
+		return transformRequest(this, url$3, { skipFsCheck: this._skipFsCheck });
 	}
 	async warmupRequest(url$3) {
 		try {
-			await this.transformRequest(url$3);
+			await transformRequest(this, url$3, { skipFsCheck: true });
 		} catch (e$1) {
 			if (e$1?.code === ERR_OUTDATED_OPTIMIZED_DEP || e$1?.code === ERR_CLOSED_SERVER) return;
 			this.logger.error(buildErrorMessage(e$1, [`Pre-transform error: ${e$1.message}`], false), {
@@ -35218,7 +35228,8 @@ function defineConfig(config$2) {
 function defaultCreateClientDevEnvironment(name, config$2, context) {
 	return new DevEnvironment(name, config$2, {
 		hot: true,
-		transport: context.ws
+		transport: context.ws,
+		disableFetchModule: true
 	});
 }
 function defaultCreateDevEnvironment(name, config$2) {

package/dist/node/index.d.ts

@@ -956,7 +956,6 @@ interface TransformOptions {
   */
   ssr?: boolean;
 }
-interface TransformOptionsInternal {}
 //#endregion
 //#region src/node/server/moduleGraph.d.ts
 declare class EnvironmentModuleNode {
@@ -1121,6 +1120,11 @@ interface HotChannelClient {
 }
 type HotChannelListener<T$1 extends string = string> = (data: InferCustomEventPayload<T$1>, client: HotChannelClient) => void;
 interface HotChannel<Api = any> {
+  /**
+  * When true, the fs access check is skipped in fetchModule.
+  * Set this for transports that is not exposed over the network.
+  */
+  skipFsCheck?: boolean;
   /**
   * Broadcast events to all clients
   */
@@ -1565,7 +1569,7 @@ declare class DevEnvironment extends BaseEnvironment {
   listen(server: ViteDevServer): Promise<void>;
   fetchModule(id: string, importer?: string, options?: FetchFunctionOptions): Promise<moduleRunner_FetchResult>;
   reloadModule(module: EnvironmentModuleNode): Promise<void>;
-  transformRequest(url: string, options?: TransformOptionsInternal): Promise<TransformResult | null>;
+  transformRequest(url: string): Promise<TransformResult | null>;
   warmupRequest(url: string): Promise<void>;
   close(): Promise<void>;
   /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vite",
-  "version": "7.3.1",
+  "version": "7.3.2",
   "type": "module",
   "license": "MIT",
   "author": "Evan You",