X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fdingus.js;h=84c1d14b6a38e4d9050e76eaf7095588f501196d;hb=47f38ca4c67e902ccef0b7114a0d144f476258bd;hp=343283974d7c723a6cbb8eb85fc3e3b942230fff;hpb=1bfd3f26e768c390a6be543281e79b7ea5c4b9c5;p=squeep-api-dingus

diff --git a/lib/dingus.js b/lib/dingus.js
index 3432839..84c1d14 100644
--- a/lib/dingus.js
+++ b/lib/dingus.js
@@ -27,6 +27,7 @@ const defaultOptions = {
   strictAccept: true,
   selfBaseUrl: '',
   staticMetadata: true,
+  staticPath: undefined, // no reasonable default
   trustProxy: true,
   querystring,
 };
@@ -494,6 +495,12 @@ class Dingus {
     const _scope = _fileScope('serveFile');
     this.logger.debug(_scope, 'called', { req: common.requestLogData(req), ctx });
 
+    // Require a directory field.
+    if (!directory) {
+      this.logger.debug(_scope, 'rejected unset directory', { fileName });
+      return this.handlerNotFound(req, res, ctx);
+    }
+
     // Normalize the supplied path, as encoded path-navigation may have been (maliciously) present.
     fileName = path.normalize(fileName);