Skip to content

[Security] on /static/ #124

Closed
ehooo opened this Issue Dec 17, 2011 · 5 comments

3 participants

@ehooo
ehooo commented Dec 17, 2011

Hi, this is not a vulnerability, but it's good practice.
I see that /static/ list directories, but i think must be Forbidden, or made the option to do it.

@gaotianpu

you can set the web server to forbid

@ehooo
ehooo commented Dec 21, 2011

The /static/ path? How?
Thanks in advance

@anandology

I think it is okay to have dir-listing enabled in the dev server. It is not really meant to be used in production.

I don't think we need this feature.

@anandology anandology closed this Jan 23, 2012
@ehooo
ehooo commented Jan 24, 2012

But with:
web.config.debug = False

You can see a dir-listing.

@anandology

Handling static files is enabled only for the dev webserver. It is not enabled when deployed using any other method like fastgi or mod_wsgi.

I don't see a need for worrying when dir-listing is enabled only on the dev server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.