Re: svn commit: r834151 - in /tapestry/tapestry5/trunk: src/site/apt/guide/ tapestry-core/src/main/java/org/apache/tapestry5/internal/services/ tapestry-core/src/main/java/org/apache/tapestry5/services/ tapestry-core/src/test/java/org/apache/tapestry

Wed, 09 Dec 2009 10:56:19 -0800

My original thought on this was to put the contribution in the app module generated by the quickstart. 
Pros: the contribution is simple to modify and customize.
Cons: all of the existing apps still break, as do new apps created without the context. 


So I realized that wasn't going to work well.  But I was still  
hesitant to add the contribution.  It's one thing for us to open up  
our code, quite another for us to cart blanche open up a bunch of user  
assets, without a very simple way of turning that off.  So I wound up  
creating a new symbol, SymbolConstants.CONTEXT_ASSETS_AVAILABLE, that  
defaults to true, that controls whether the contribution is made or  
not.  So users with more specific needs can easily turn off the cart  
blanche contribution made by TapestryModule in favor of more fine- 
grained control.



I've also gone ahead and changed the return value from 403 (forbidden)  
to 404 (not found).  I was swayed by the post that showed that the  
servlet spec is supposed to return 404 for request to, eg, WEB-INF.



I'll be writing an integration test specifically for this feature,  
backporting, and closing the issue today so that we can get on with a  
5.1.0.6 release.


Robert

On Nov 25, 2009, at 11/2511:41 AM , Thiago H. de Paula Figueiredo wrote:


Em Wed, 25 Nov 2009 15:25:13 -0200, Ulrich Stärk <[email protected]>  
escreveu:



I'm all for blacklisting but reasonable defaults like allowing css/ 
jpg/png/gif/js from the webapp context IMHO should be added as not  
to frustrate people trying to get their project going...


Agreed.

--
Thiago H. de Paula Figueiredo

Independent Java, Apache Tapestry 5 and Hibernate consultant,  
developer, and instructor
Owner, software architect and developer, Ars Machina Tecnologia da  
Informação Ltda.

http://www.arsmachina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
























					Reply via email to