Thank you Daniel and Julia for the clarification.
-Jaikiran
On 22/11/21 5:47 pm, Julia Boes wrote:
Hi Jaikiran,
On 22/11/2021 09:29, Jaikiran Pai wrote:
The newly introduced simple webserver when launched from a directory
does necessary checks to disallow serving of hidden files (and
symlinks). So if I do something like:
cd ~/
java -m jdk.httpserver
and then issue a HTTP request against something like
localhost:8000/.ssh/known_hosts, then it won't serve that content
because .ssh is a hidden directory. This behaviour matches what's stated
in the JEP 408.
However, if I instead launch the server from within a hidden directory,
like:
cd ~/.ssh/
java -m jdk.httpserver
and then issue a localhost:8000/known_hosts request, then it does end up
serving that content.
Should the root path against which the server is launched be checked to
see if any of its parent path(s) are hidden directories (or symlinks)
and if so disallow the server creation?
This was a deliberate choice. In the first case, the user might not be aware of
hidden subdirectories so the accidental serving of such is prevented. In the
second case, the user explicitly specifies a hidden directory to be served so we
can assume it is not accidental. The message printed at startup also specifies
the directory being served.
Regards,
Julia
