soumitra-st commented on PR #14383: URL: https://github.com/apache/pinot/pull/14383#issuecomment-2484529552
> > In addition to the above whitelisted paths, all top files having at least one '.' are allowed. This is likely done to allow access to top-level resource files. > > @soumitra-st Do we need to carry-over this behavior? I don't follow why we want to allow such access without going through auth @Jackie-Jiang , I checked the git history but could not find why we have both whitelisting (UNPROTECTED_PATHS) and open top-level resources. We can remove the open top-level resources, find the list of top-level files, and add them to the whitelist. Let me know if we should do that; I can create a task. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
