--flat app serves up any file in directory
Reported by jonuts | June 2nd, 2008 @ 10:50 PM | in 0.9.4
Running a flatly generated app appears to serve up every file that is in its directory. i.e. /application.rb, /config/init.rb, and any other file you throw at it is publicly accessible.
I got this on osx running edge merb and linux running 0.9.3
Comments and changes to this ticket
-
Yehuda Katz (wycats) June 6th, 2008 @ 05:43 AM
- → Milestone changed from “” to “0.9.4”
- → State changed from “new” to “resolved”
This is because the default Merb.dir_for() is always the root. The solution is to add:
:public => "public" to the framework directories. This will work even if there is not public directory, but will limit the statics to that.
I have updated merb-gen to add this by default.
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
