diff --git a/mitmproxy/addons/maplocal.py b/mitmproxy/addons/maplocal.py
index b50965a37..cc1c2a9f1 100644
--- a/mitmproxy/addons/maplocal.py
+++ b/mitmproxy/addons/maplocal.py
@@ -41,15 +41,15 @@ class MapLocal:
 
     def sanitize_candidate_path(self, candidate_path, base_path):
         try:
-            candidate_path.resolve(strict=True)
-            if base_path in candidate_path.parents:
+            candidate_path = candidate_path.resolve(strict=True)
+            if base_path == candidate_path or base_path in candidate_path.parents:
                 return candidate_path
         except FileNotFoundError:
             pass
         return None
 
     def file_candidates(self, url: str, spec: ModifySpec) -> typing.List[Path]:
-        replacement = spec.replacement_str
+        replacement = spec.replacement
         candidates = []
 
         if replacement.is_file():
@@ -85,30 +85,26 @@ class MapLocal:
         )
         return mimetype
 
-
     def request(self, flow: http.HTTPFlow) -> None:
         if flow.reply and flow.reply.has_message:
             return
         for spec in self.replacements:
             req = flow.request
             url = req.pretty_url
-            base_path = Path(spec.replacement_str)
+            base_path = Path(spec.replacement)
 
             if spec.matches(flow) and re.search(spec.subject, url.encode("utf8", "surrogateescape")):
                 file_candidates = self.file_candidates(url, spec)
-                
+
                 for file_candidate in file_candidates:
                     file_candidate = Path(file_candidate)
                     if self.sanitize_candidate_path(file_candidate, base_path):
                         try:
-                            with open(file_candidate, "rb") as file:
-                                replacement = file.read()
+                            flow.response = http.HTTPResponse.make(
+                                200,
+                                file_candidate.read_bytes(),
+                                {"Content-Type": self.get_mime_type(str(file_candidate))}
+                            )
                         except IOError:
                             ctx.log.warn(f"Could not read replacement file {file_candidate}")
                             return
-
-                        flow.response = http.HTTPResponse.make( 
-                            200,
-                            replacement,
-                            {"Content-Type": self.get_mime_type(str(file_candidate))}
-                        )
diff --git a/mitmproxy/addons/modifyheaders.py b/mitmproxy/addons/modifyheaders.py
index 50fae906d..590cf959a 100644
--- a/mitmproxy/addons/modifyheaders.py
+++ b/mitmproxy/addons/modifyheaders.py
@@ -12,7 +12,7 @@ from mitmproxy import ctx
 class ModifySpec(typing.NamedTuple):
     matches: flowfilter.TFilter
     subject: bytes
-    replacement_str: str
+    replacement: str
 
     def read_replacement(self) -> bytes:
         """
@@ -22,11 +22,11 @@ class ModifySpec(typing.NamedTuple):
         Raises:
             - IOError if the file cannot be read.
         """
-        if self.replacement_str.startswith("@"):
-            return Path(self.replacement_str[1:]).expanduser().read_bytes()
+        if self.replacement.startswith("@"):
+            return Path(self.replacement[1:]).expanduser().read_bytes()
         else:
             # We could cache this at some point, but unlikely to be a problem.
-            return strutils.escaped_str_to_bytes(self.replacement_str)
+            return strutils.escaped_str_to_bytes(self.replacement)
 
 
 def _match_all(flow) -> bool: