Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ResourceHttpRequestHandler can expose the classes [SPR-8735] #13377

Closed
spring-projects-issues opened this issue Oct 3, 2011 · 3 comments
Closed
Assignees
Labels
in: web status: declined type: enhancement

Comments

@spring-projects-issues
Copy link
Collaborator

@spring-projects-issues spring-projects-issues commented Oct 3, 2011

Amir Pashazadeh opened SPR-8735 and commented

I having something like

<mvc:resources mapping="/resources/**" location="classpath:/com/payeshgaran/framework"/>

a person can download a class file (or other forbidden files) within /com/payeshgaran/framework.

I think ResourceHttpRequestHandler needs to have properties to set rejected or allowed content types for it.


Affects: 3.0.6

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Dec 1, 2011

Rossen Stoyanchev commented

I think the idea is to have resources at a dedicated location (e.g. "classpath:/META-INF/public-web-resources/"). What do you serve from locations where classes reside?

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented May 18, 2012

Rossen Stoyanchev commented

Resolving this as it hasn't been updated for a while and the recommended approach to serving classpath resources is to use a dedicated location.

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented May 18, 2012

Amir Pashazadeh commented

I believe it is good to have .css, .js files just next to classes (for example tags) depend on them.

@spring-projects-issues spring-projects-issues added status: declined type: enhancement in: web labels Jan 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: web status: declined type: enhancement
Projects
None yet
Development

No branches or pull requests

2 participants