monorepo setups break when updating to vite 2.3.x

[lovasoa]

Describe the bug

All monorepo projects were accidentally broken while trying to fix an arbitrary file inclusion vulnerability in #3321

Reproduction

Create two folders:

• root/frontend and root/mypackage
• initialize an npm package in root/mypackage
• initialize a vite project in root/frontend
• in root/frontend, npm install ../mypackage
• use mypackage in the project
• serve the fontend project with vite

Logs

11:54:17 AM [vite] Internal server error: The request url "root/mypackage" is outside of vite dev server root "root/frontend". 
      For security concerns, accessing files outside of workspace root is restricted since Vite v2.3.x. 
      Refer to docs https://vitejs.dev/config/#server-fsserveroot for configurations and more details.
      at ensureServingAccess (/home/olojkine/dev/sizopt/frontend_patterm/node_modules/vite/dist/node/chunks/dep-c9ea388d.js:57841:15)
      at transformRequest (/home/olojkine/dev/sizopt/frontend_patterm/node_modules/vite/dist/node/chunks/dep-c9ea388d.js:57883:17)
      at processTicksAndRejections (internal/process/task_queues.js:93:5)
      at async viteTransformMiddleware (/home/olojkine/dev/sizopt/frontend_patterm/node_modules/vite/dist/node/chunks/dep-c9ea388d.js:58069:32)

See #3321 (comment)

[arpowers]

Have the same issue, in addition, SSR seems to trigger the problem when simply referencing the route.

Internal server error: The request url "/my/standard/route" is outside of vite dev server root ...

[patak-cat]

This should be fixed in the latest version of Vite. See also https://vitejs.dev/config/#server-fs-allow with a config like

export default {
  server: {
    fs: {
      // Allow serving files from one level up to the project root
      allow: ['..']
    }
  }
}

in case the heuristic to detect the monorepo isn't working by default in your project.