Skip to content

[Security] on /static/ #124

ehooo opened this Issue Dec 17, 2011 · 5 comments

3 participants

ehooo commented Dec 17, 2011

Hi, this is not a vulnerability, but it's good practice.
I see that /static/ list directories, but i think must be Forbidden, or made the option to do it.


you can set the web server to forbid

ehooo commented Dec 21, 2011

The /static/ path? How?
Thanks in advance


I think it is okay to have dir-listing enabled in the dev server. It is not really meant to be used in production.

I don't think we need this feature.

@anandology anandology closed this Jan 23, 2012
ehooo commented Jan 24, 2012

But with:
web.config.debug = False

You can see a dir-listing.


Handling static files is enabled only for the dev webserver. It is not enabled when deployed using any other method like fastgi or mod_wsgi.

I don't see a need for worrying when dir-listing is enabled only on the dev server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.