Hi, this is not a vulnerability, but it's good practice.
I see that /static/ list directories, but i think must be Forbidden, or made the option to do it.
you can set the web server to forbid
The /static/ path? How?
Thanks in advance
I think it is okay to have dir-listing enabled in the dev server. It is not really meant to be used in production.
I don't think we need this feature.
web.config.debug = False
You can see a dir-listing.
Handling static files is enabled only for the dev webserver. It is not enabled when deployed using any other method like fastgi or mod_wsgi.
I don't see a need for worrying when dir-listing is enabled only on the dev server.