ajax_request POSTs return 404 when jetty directory listing is disabled
68 views
Skip to first unread message
martin
May 15, 2012, 7:26:39 AM5/15/12
to lif...@googlegroups.com
Hi,
I came across interesting problem. I not able to effectively disable directory listings in jetty. To be more specific I know how to disable directory listings in jetty by setting dirAllowed parameter to false ... and it works, meaning that I correctly get 403 when trying to display directory content. Hovewer there is one catch: ajax posts (/ajax_request/F178680569126LUYTKB/) return 404, until page is refreshed. This a very similar problem to http://groups.google.com/group/liftweb/browse_thread/thread/9a99b5af4f3961ab/96f67b41d01bed89?lnk=gst&q=ajax+post+404#96f67b41d01bed89 except that I dont use HTTP AUTH.
When I enable directory listings then the ajax posts work as expected. Unfortunatelly, now the visitors are able to display content of /css, /js etc. and even /templates-hidden. They are even able to display source of files inside templates-hidden. I thought that everything what ends with *-hidden is automatically hidden by lift.
I'm using lift 2.4 and jetty 7.6.2.
Can somebody of you point me to the right direction ? Thank you.
Martin
I came across interesting problem. I not able to effectively disable directory listings in jetty. To be more specific I know how to disable directory listings in jetty by setting dirAllowed parameter to false ... and it works, meaning that I correctly get 403 when trying to display directory content. Hovewer there is one catch: ajax posts (/ajax_request/F178680569126LUYTKB/) return 404, until page is refreshed. This a very similar problem to http://groups.google.com/group/liftweb/browse_thread/thread/9a99b5af4f3961ab/96f67b41d01bed89?lnk=gst&q=ajax+post+404#96f67b41d01bed89 except that I dont use HTTP AUTH.
When I enable directory listings then the ajax posts work as expected. Unfortunatelly, now the visitors are able to display content of /css, /js etc. and even /templates-hidden. They are even able to display source of files inside templates-hidden. I thought that everything what ends with *-hidden is automatically hidden by lift.
I'm using lift 2.4 and jetty 7.6.2.
Can somebody of you point me to the right direction ? Thank you.
Martin
martin
May 15, 2012, 9:02:55 AM5/15/12
to lif...@googlegroups.com
I'll reply to myself for future reference.
It was my bad. I forgot to add 404handler. Now everything is perfect, lift isn't serving hidden dirs and ajax posts work perfectly.
Martin
It was my bad. I forgot to add 404handler. Now everything is perfect, lift isn't serving hidden dirs and ajax posts work perfectly.
Martin
Reply all
Reply to author
Forward
0 new messages