This is an automated email from the ASF dual-hosted git repository.
mthomsen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 5127cb2 NIFI-6392: Avoid accessing the dir for /nifi-docs
5127cb2 is described below
commit 5127cb209a8382e07eb8ee27ee16e79f16e2f97e
Author: Kemix Koo <[email protected]>
AuthorDate: Mon Jun 24 14:46:25 2019 +0800
NIFI-6392: Avoid accessing the dir for /nifi-docs
Signed-off-by: Mike Thomsen <[email protected]>
---
.../src/main/java/org/apache/nifi/web/server/JettyServer.java | 3 +++
1 file changed, 3 insertions(+)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
index 4b6359b..af1042e 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
@@ -622,12 +622,15 @@ public class JettyServer implements NiFiServer,
ExtensionUiLoader {
ServletHolder docs = new ServletHolder("docs",
DefaultServlet.class);
docs.setInitParameter("resourceBase", docsDir.getPath());
+ docs.setInitParameter("dirAllowed", "false");
ServletHolder components = new ServletHolder("components",
DefaultServlet.class);
components.setInitParameter("resourceBase",
workingDocsDirectory.getPath());
+ components.setInitParameter("dirAllowed", "false");
ServletHolder restApi = new ServletHolder("rest-api",
DefaultServlet.class);
restApi.setInitParameter("resourceBase", webApiDocsDir.getPath());
+ restApi.setInitParameter("dirAllowed", "false");
docsContext.addServlet(docs, "/html/*");
docsContext.addServlet(components, "/components/*");
