Hi all,

Following a pen-test of our application, it has been raised that the
list of assets is visible as a directory listing.

For example, we have a JavaScript file available at this location
/assets/meta/z58f7f3d4/javascript/library.js but when we access
/assets/meta/z58f7f3d4/javascript/ the web server lists all files
available in META-INF.assets.javascript directory of the project.

Do you know how to prevent this listing?

It looks to me like it's happening in
org.apache.tapestry5.internal.services.assets.ClasspathAssetRequestHandler#handleAssetRequest
and then in
org.apache.tapestry5.internal.services.ResourceStreamerImpl#streamResource(org.apache.tapestry5.ioc.Resource,
org.apache.tapestry5.services.assets.StreamableResource,
java.lang.String,
java.util.Set<org.apache.tapestry5.internal.services.ResourceStreamer.Options>)

Thank you,
Nicolas.
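
One possible stopgap for the listing described in the message above, shown as an added example that is not part of the original message and not Tapestry's own code: a servlet filter that answers 404 for any URL under the asset prefix that ends in a slash, which is the form reported here. The class name `AssetDirectoryBlockFilter` is hypothetical, and the `javax.servlet` API and the `/assets/` prefix (taken from the example URL) are assumptions about the deployment.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (not part of Tapestry): 404 for folder-style asset URLs. */
public class AssetDirectoryBlockFilter implements Filter {

    // Assumption: assets are served under the /assets/ prefix seen in the report.
    private static final String ASSET_PREFIX = "/assets/";

    /** True when the path names a folder under the asset prefix, not a file. */
    static boolean isAssetDirectoryRequest(String path) {
        if (path == null) return false;
        int semi = path.indexOf(';'); // drop path parameters such as ;jsessionid=...
        if (semi >= 0) path = path.substring(0, semi);
        return path.startsWith(ASSET_PREFIX) && path.endsWith("/");
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Path relative to the web application, without the context path.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (isAssetDirectoryRequest(path)) {
            // Same answer a missing file would get, so the folder is not confirmed.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res); // regular asset and page requests pass through
    }

    @Override
    public void destroy() { }
}
```

The filter has to be mapped ahead of the Tapestry filter in `web.xml` so that it sees the request first. After deploying, requesting `/assets/meta/z58f7f3d4/javascript/` should return 404 while `library.js` in that folder still loads.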
