[ https://issues.apache.org/jira/browse/TAP5-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12774046#action_12774046 ]
Robert Zeigler commented on TAP5-815: ------------------------------------- Pretty sure Alex was referring to the functionality of my AssetProtectionDispatcher withi 5.0.18. > Asset dispatcher allows any file inside the webapp visible and downloadable > --------------------------------------------------------------------------- > > Key: TAP5-815 > URL: https://issues.apache.org/jira/browse/TAP5-815 > Project: Tapestry 5 > Issue Type: Bug > Affects Versions: 5.1.0.5 > Reporter: Thiago H. de Paula Figueiredo > Assignee: Robert Zeigler > Priority: Blocker > > Take any asset and you have an URL like > domain.com/assets/ctx/f10407a6c1753e39/css/main.css. If you request > domain.com/assets/ctx/f10407a6c1753e39/, a list containing all the files > inside the webapp root is shown. It gives you the hint at downloading any > file you want, including anyting inside WEB-INF and assets that should be > protected by ResourceDigestGenerator. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.