Re: Tapestry exposes the list of css/js files in assets

2020-01-16 Thread Dmitry Gusev
Looking a bit further, it does make sense to me to block all directory requests in ClasspathAssetRequestHandler by default, as directory listing is not something you'd expect to receive via HTTP. That workaround won't work if you have a folder with a dot in the name though, so something more type-safe

Re: Tapestry exposes the list of css/js files in assets

2020-01-16 Thread Nicolas Bouillon
Hi, Thank you for the quick reply, I've added the following rule in my AppModule. @Contribute(ClasspathAssetProtectionRule.class) public static void contributeClasspathAssetProtectionRule( OrderedConfiguration configuration) { ClasspathAssetProtectionRule fileWithDot = (s) -> !s.toLowe

Re: Tapestry exposes the list of css/js files in assets

2020-01-16 Thread Dmitry Gusev
Hi, I wasn't aware of it, thanks for bringing it up. From what I found in code, AssetsModule contributes three asset protection rules: for .xml, .class, and .properties files: public static void contributeClasspathAssetProtectionRule( OrderedConfiguration configuration) { ClasspathA

Tapestry exposes the list of css/js files in assets

2020-01-16 Thread Nicolas Bouillon
Hi all, Following a pen-test of our application, it has been raised that the list of assets is visible as a directory listing. For example, we have a javascript file available at this location /assets/meta/z58f7f3d4/javascript/library.js but when we access /assets/meta/z58f7f3d4/javascript/ the w