Hi, Thus PR is related to best practises - user shouldn't be able access JSPs directly. Some examples in showcase are still broken but they based on Dojo plugin which is deprecated - so they will be removed anyway.
2014-03-03 21:56 GMT+01:00 lukaszlenart <g...@git.apache.org>: > GitHub user lukaszlenart opened a pull request: > > https://github.com/apache/struts/pull/2 > > Restricts direct access to JSP files > > This PR moves all JSP files in example apps under `WEB-INF` and adds > security constraints to `web.xml` to avoid accessing JSP files directly. Thus > represents good practises. > > You can merge this pull request into a Git repository by running: > > $ git pull https://github.com/apache/struts feature/move-jsps-under-webinf > > Alternatively you can review and apply these changes as the patch at: > > https://github.com/apache/struts/pull/2.patch > > To close this pull request, make a commit to your master/trunk branch > with (at least) the following in the commit message: > > This closes #2 > > ---- > commit 6b00db2d23acf93f83563715aa0deaeb0a245785 > Author: Lukasz Lenart <lukaszlen...@apache.org> > Date: 2014-02-25T09:56:53Z > > Moves jsps under WEB-INF > > commit 6f43464fcaab59e7345a3e394db4a969cf410d15 > Author: Lukasz Lenart <lukaszlen...@apache.org> > Date: 2014-02-25T09:57:21Z > > Adds security constraints to block access to jsp files > > commit 4360a06662dcdb3c08d4ba9c3f8e2679eecddad1 > Author: Lukasz Lenart <lukaszlen...@apache.org> > Date: 2014-02-28T09:17:19Z > > Merge branch 'develop' into feature/move-jsps-under-webinf > > commit 95b309a9b93eebadb589a335947598d815add80b > Author: Lukasz Lenart <lukaszlen...@apache.org> > Date: 2014-03-02T20:13:38Z > > Adds security constraints to web.xml to block access to pure JSP files > > commit d07e8044beef98222f0140adb0b4e2892b6bf166 > Author: Lukasz Lenart <lukaszlen...@apache.org> > Date: 2014-03-02T20:17:30Z > > Moves mailreader related JSPs under WEB-INF > > commit 65eb97514c635da87c60f2a7b0d6bbbdd79358ee > Author: Lukasz Lenart <lukaszlen...@apache.org> > Date: 2014-03-02T21:02:49Z > > Moves showcase related JSPs under WEB-INF > > commit c0a312a82209a5dae219e10245b3a55c0408aadf > Author: Lukasz Lenart <lukaszlen...@apache.org> > Date: 2014-03-02T21:17:12Z > > Reverts security constraint > > ---- > > > --- > If your project is set up for it, you can reply to this email and have your > reply appear on GitHub as well. If your project does not have this feature > enabled and wishes so, or if the feature is enabled but not working, please > contact infrastructure at infrastruct...@apache.org or file a JIRA ticket > with INFRA. > --- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
