Fix: Resolve the issue where the directory itself being a symlink does not work....

diff --git a/starlette/staticfiles.py b/starlette/staticfiles.py
index 7498c30112134f655f7ae1c9a1079cb15552dbcf..746e740e0e215983a69907bac68dd40bc71edc0e 100644 (file)
--- a/starlette/staticfiles.py
+++ b/starlette/staticfiles.py
@@ -155,7 +155,7 @@ class StaticFiles:
                 full_path = os.path.abspath(joined_path)
             else:
                 full_path = os.path.realpath(joined_path)
-            directory = os.path.realpath(directory)
+                directory = os.path.realpath(directory)
             if os.path.commonpath([full_path, directory]) != directory:
                 # Don't allow misbehaving clients to break out of the static files
                 # directory.

diff --git a/tests/test_staticfiles.py b/tests/test_staticfiles.py
index 8beb3cd8716d210bbe3bd6cf39bb53ae4240cac6..8f742359339e438dccfa75958f1b8d773b705372 100644 (file)
--- a/tests/test_staticfiles.py
+++ b/tests/test_staticfiles.py
@@ -559,3 +559,23 @@ def test_staticfiles_avoids_path_traversal(tmp_path: Path) -> None:
 
     assert exc_info.value.status_code == 404
     assert exc_info.value.detail == "Not Found"
+
+
+def test_staticfiles_self_symlinks(tmpdir: Path, test_client_factory: TestClientFactory) -> None:
+    statics_path = os.path.join(tmpdir, "statics")
+    os.mkdir(statics_path)
+
+    source_file_path = os.path.join(statics_path, "index.html")
+    with open(source_file_path, "w") as file:
+        file.write("<h1>Hello</h1>")
+
+    statics_symlink_path = os.path.join(tmpdir, "statics_symlink")
+    os.symlink(statics_path, statics_symlink_path)
+
+    app = StaticFiles(directory=statics_symlink_path, follow_symlink=True)
+    client = test_client_factory(app)
+
+    response = client.get("/index.html")
+    assert response.url == "http://testserver/index.html"
+    assert response.status_code == 200
+    assert response.text == "<h1>Hello</h1>"