From 3f6f3e847ad87f1320efea5d0b0f4879587df0b6 Mon Sep 17 00:00:00 2001
From: Caen De Silva <caen@desilva.se>
Date: Thu, 26 Oct 2023 17:03:41 +0200
Subject: [PATCH] Permit dashboard to open CSS and JS files

---
 packages/realtime-compiler/src/Http/DashboardController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/realtime-compiler/src/Http/DashboardController.php b/packages/realtime-compiler/src/Http/DashboardController.php
index 2f30e34b4b5..3654aae48f4 100644
--- a/packages/realtime-compiler/src/Http/DashboardController.php
+++ b/packages/realtime-compiler/src/Http/DashboardController.php
@@ -326,7 +326,7 @@ protected function openMediaFileInEditor(MediaFile $file): void
             $binary = $this->findGeneralOpenBinary();
             $path = $file->getAbsolutePath();
 
-            if (! in_array($file->getExtension(), ['png', 'svg', 'jpg', 'jpeg', 'gif', 'ico'])) {
+            if (! in_array($file->getExtension(), ['png', 'svg', 'jpg', 'jpeg', 'gif', 'ico', 'css', 'js'])) {
                 $this->abort(403, sprintf("Refusing to open unsafe file '%s'", basename($path)));
             }