ResourceHttpRequestHandler can expose the classes [SPR-8735] #13377
Assignees
Labels
in: web
Issues in web modules (web, webmvc, webflux, websocket)
status: declined
A suggestion or change that we don't feel we should currently apply
type: enhancement
A general enhancement
Comments
|
Rossen Stoyanchev commented I think the idea is to have resources at a dedicated location (e.g. "classpath:/META-INF/public-web-resources/"). What do you serve from locations where classes reside? |
|
Rossen Stoyanchev commented Resolving this as it hasn't been updated for a while and the recommended approach to serving classpath resources is to use a dedicated location. |
|
Amir Pashazadeh commented I believe it is good to have .css, .js files just next to classes (for example tags) depend on them. |
spring-projects-issues
added
status: declined
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Amir Pashazadeh opened SPR-8735 and commented
I having something like
a person can download a class file (or other forbidden files) within /com/payeshgaran/framework.
I think ResourceHttpRequestHandler needs to have properties to set rejected or allowed content types for it.
Affects: 3.0.6
The text was updated successfully, but these errors were encountered: