Closed
Description
Hi,
I am using geddy in my app and wanted to prevent serving static file other than public(i dont even need public files). But i don't see anyway to achieve this, by default geddy is opening up not only public folder but the underlying os folders also.
As an example if i try to hit my application using http://localhost:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd geddy is serving the output as it doesn't match the routes and its a static file - https://github.com/geddy/geddy/blob/master/lib/app/index.js#L187
Is there anyway to prevent this with some configuration by completely blocking static asset serving by geddy?