[
https://issues.apache.org/jira/browse/TAP5-815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12799666#action_12799666
]
Ulrich Stärk commented on TAP5-815:
-----------------------------------
It seems we still don't got it right 100%. In order for common context assets
like images, css and js to be available, the user has to set
SymbolConstants.CONTEXT_ASSETS_AVAILABLE to true OR contribute to the regex
authorizer. Since everyone will want common assets to be available and set it
to true (because it's the easiest thing to do), this is useless and just
represents an additional burden to the user.
> Asset dispatcher allows any file inside the webapp visible and downloadable
> ---------------------------------------------------------------------------
>
> Key: TAP5-815
> URL: https://issues.apache.org/jira/browse/TAP5-815
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1.0.5
> Reporter: Thiago H. de Paula Figueiredo
> Assignee: Robert Zeigler
> Priority: Blocker
> Fix For: 5.2.0, 5.1.0.6, 5.1.0.7, 5.0.19
>
>
> Take any asset and you have an URL like
> domain.com/assets/ctx/f10407a6c1753e39/css/main.css. If you request
> domain.com/assets/ctx/f10407a6c1753e39/, a list containing all the files
> inside the webapp root is shown. It gives you the hint at downloading any
> file you want, including anyting inside WEB-INF and assets that should be
> protected by ResourceDigestGenerator.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
