..

backend_proxy.cjs

@@ -99,10 +99,20 @@ function startServer() {
             }
         }
 
-        let filePath = path.join(__dirname, 'dist', req.url === '/' ? 'index.html' : req.url);
+        // Fix for Windows: req.url starts with / which path.join treats as absolute
+        const requestPath = req.url === '/' ? '/index.html' : req.url;
+        // Remove leading slash for path.join to work relatively
+        const relativePath = requestPath.startsWith('/') ? requestPath.slice(1) : requestPath;
+
+        // Decoding URL (handling spaces etc)
+        const decodedPath = decodeURIComponent(relativePath);
+
+        let filePath = path.join(__dirname, 'dist', decodedPath);
 
         // Prevent directory traversal
-        if (!filePath.startsWith(path.join(__dirname, 'dist'))) {
+        const distRoot = path.join(__dirname, 'dist');
+        if (!filePath.startsWith(distRoot)) {
+            console.log(`[Security Block] ${filePath} is outside ${distRoot}`);
             res.writeHead(403);
             res.end('Forbidden');
             return;

index.css

@@ -1,3 +1 @@
-@tailwind base;
-@tailwind components;
-@tailwind utilities;
+@import "tailwindcss";