You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a potential security issue. Due to default configuration of JoinFaces source files are visible directly through the browser. It is related to their location expected by join faces (META-INF/resources). For example in joinfaces-maven-jar-example one can easily access any file like: http://localhost:8080/tags/tags.taglib.xml http://localhost:8080/cc/textComponent.xhtml
Please change the default location (/src/main/webapp?) or at least provide a setting to alter this default location.
Hi there!
There is a potential security issue. Due to default configuration of JoinFaces source files are visible directly through the browser. It is related to their location expected by join faces (META-INF/resources). For example in joinfaces-maven-jar-example one can easily access any file like:
http://localhost:8080/tags/tags.taglib.xml
http://localhost:8080/cc/textComponent.xhtml
Please change the default location (/src/main/webapp?) or at least provide a setting to alter this default location.
This issue has been also reported in here:
joinfaces/joinfaces-maven-jar-example#291
Similar issue, from different perspective, has also been reported here:
#315
The text was updated successfully, but these errors were encountered: