The newly introduced simple webserver, when launched from a directory,
does the necessary checks to disallow serving of hidden files (and
symlinks). So if I do something like:

    cd ~/
    java -m jdk.httpserver

and then issue an HTTP request against something like
localhost:8000/.ssh/known_hosts, then it won't serve that content
because .ssh is a hidden directory. This behaviour matches what's stated
in JEP 408.

However, if I instead launch the server from within a hidden directory,
like:

    cd ~/.ssh/
    java -m jdk.httpserver

and then issue a localhost:8000/known_hosts request, then it does end up
serving that content.

Should the root path against which the server is launched be checked to
see if any of its parent path(s) are hidden directories (or symlinks)
and if so disallow the server creation?

-Jaikiran
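
The check the question above proposes, sketched as an added example (not code from the post or from the JDK). The class and method names are hypothetical, and the sample layout assumes a Unix-like system where symlinks can be created.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Optional;

// Hypothetical helper for illustration; not part of jdk.httpserver.
public class RootPathCheck {

    // Walks the absolute root path one component at a time and returns the
    // first component that is hidden or a symbolic link, if any.
    static Optional<Path> firstHiddenOrSymlink(Path root) throws IOException {
        Path abs = root.toAbsolutePath().normalize();
        Path current = abs.getRoot();
        for (Path name : abs) {
            current = current.resolve(name);
            // Files.isHidden is platform-defined: a leading '.' on Unix-like
            // systems, the DOS hidden attribute on Windows.
            if (Files.isSymbolicLink(current) || Files.isHidden(current)) {
                return Optional.of(current);
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout under a temp directory:
        //   <tmp>/public        plain root
        //   <tmp>/.secret/www   root nested inside a hidden directory
        //   <tmp>/link          symlink to <tmp>/public
        Path base = Files.createTempDirectory("rootcheck").toRealPath();
        Path plain = Files.createDirectories(base.resolve("public"));
        Path nested = Files.createDirectories(base.resolve(".secret").resolve("www"));
        Path link = Files.createSymbolicLink(base.resolve("link"), plain);

        for (Path root : new Path[] {plain, nested, link}) {
            Optional<Path> bad = firstHiddenOrSymlink(root);
            System.out.println(root + " -> "
                    + bad.map(p -> "refuse, offending component: " + p).orElse("ok"));
        }
    }
}
```

A per-request check that only inspects path components below the root cannot see the `.secret` ancestor; this walk starts from the filesystem root, so it reports it.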