{"id":215,"hash":"077e6c215f9e13d465a827348b6475adb7897ec4769c62aa59ce2e3d383f56cf","pattern":"Express res.sendfile throwing forbidden error","full_message":"I have this code:\n\nres.sendfile( '../../temp/index.html' )\n\nHowever, it throws this error:\n\nError: Forbidden\nat SendStream.error (/Users/Oliver/Development/Personal/Reader/node_modules/express/node_modules/send/lib/send.js:145:16)\nat SendStream.pipe (/Users/Oliver/Development/Personal/Reader/node_modules/express/node_modules/send/lib/send.js:307:39)\nat ServerResponse.res.sendfile (/Users/Oliver/Development/Personal/Reader/node_modules/express/lib/response.js:339:8)\nat exports.boot (/Users/Oliver/Development/Personal/Reader/server/config/routes.js:18:9)\nat callbacks (/Users/Oliver/Development/Personal/Reader/node_modules/express/lib/router/index.js:161:37)\nat param (/Users/Oliver/Development/Personal/Reader/node_modules/express/lib/router/index.js:135:11)\nat pass (/Users/Oliver/Development/Personal/Reader/node_modules/express/lib/router/index.js:142:5)\nat Router._dispatch (/Users/Oliver/Development/Personal/Reader/node_modules/express/lib/router/index.js:170:5)\nat Object.router (/Users/Oliver/Development/Personal/Reader/node_modules/express/lib/router/index.js:33:10)\nat next (/Users/Oliver/Development/Personal/Reader/node_modules/express/node_modules/connect/lib/proto.js:199:15)\n\nCan anyone tell me why this might be?","ecosystem":"npm","package_name":"node.js","package_version":null,"solution":"I believe it's because of the relative path; the \"../\" is considered malicious. Resolve the local path first, then call res.sendfile.  You can resolve the path with path.resolve beforehand.\n\nvar path = require('path');\nres.sendFile(path.resolve('temp/index.html'));","confidence":0.95,"source":"stackoverflow","source_url":"https://stackoverflow.com/questions/14594121/express-res-sendfile-throwing-forbidden-error","votes":201,"created_at":"2026-04-19T04:41:32.695328+00:00","updated_at":"2026-04-19T04:51:14.653562+00:00"}