-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hotfix 6.0.x sup 16004 #230
Conversation
Serhii Plyhun seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
1 similar comment
Serhii Plyhun seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
* An extension of {@link AllowedResourceAliasChecker} which will allow symlinks alias to arbitrary | ||
* targets, if the path is in the whitelist. | ||
*/ | ||
public class SelectedSymlinkAllowedResourceAliasChecker extends AllowedResourceAliasChecker |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here we cannot reuse an existing SymlinkAllowedResourceAliasChecker
for two reasons.
- It is enabled by default, thus - useless.
- It is useless, because of its ultimate dependency on a base webroot, which is set to
/webroot
, which is based on an application classpath root, and not the root we set in the distinct handler.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NB: Fresher Jetty version extends the possibility of AliasCheckers, though it requires a refactoring / overall stability check.
jetty/jetty.project#8259
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested with the example setup of the ticket and it did not work (static file from symlinked package is not availalbe).
I was able to replicate the issue on a local setup. Will re-check with the provided docker environment as well. |
No description provided.