Comments (4)
Yea, I believe there were some issues opened up about this in the past but no PRs ever materialized. I would except it to do the same thing that the Apache HTTPD index view does in this case, which I assume is either hide it or display it without additional metadata.
from serve-index.
And also agree that all the three views should behave in the same way.
from serve-index.
I don't know how Apache handles it, so how about we just hide it for now (most secure) and circle back around to it if there's a complaint.
Once we get #74 taken care of I'll come back around to this and update the PR.
from serve-index.
We have time now to do it right :) waiting until later is unnecessarily churn. I can look at apache httpd and report back to see what it does and then we can decide how to love forward 👍
Bringing up security means it is even more imparitive to validate our implementation against one that has been reviewed many times, or alternatively we can see if a security researcher can take a look at our design here 👍
from serve-index.
Related Issues (20)
- Enable the use of custom filesystems HOT 30
- How to generate directory indices for all folders?
- Allow use of tables HOT 2
- Update debug https://snyk.io/vuln/npm:ms:20170412 HOT 1
- Example code doesn't work properly HOT 1
- Cannot stat `System Volume Information` sub dir on a root drive on Windows 10 HOT 1
- POST requests are rejected with 405 HOT 4
- Password protect a folder with HTTP Basic Authentication HOT 1
- code style: semicolons or no? HOT 6
- option to download files rather than view HOT 16
- selecting file via a redirect goes to the wrong url HOT 2
- Badly encoded URLs are HTTP 500 HOT 2
- Failing test HOT 1
- Document use of `req.originalUrl` for Reverse Proxy. HOT 4
- add .npmignore HOT 4
- The `directory.html` template should be added in `locals` HOT 3
- Display content in existing HTML? HOT 7
- How to custom handle ForbiddenError: Forbidden with malicious path traversal characters HOT 1
- svg icon HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serve-index.