From f2c949998733734543be2ec795b2aa9b909b0044 Mon Sep 17 00:00:00 2001 From: Anton Tananaev Date: Sat, 19 Jun 2021 22:53:36 -0700 Subject: Disable directory listings (fix #4701) --- src/main/java/org/traccar/web/WebServer.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/main/java/org/traccar/web') diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java index ffa06adfd..04c320839 100644 --- a/src/main/java/org/traccar/web/WebServer.java +++ b/src/main/java/org/traccar/web/WebServer.java @@ -1,5 +1,5 @@ /* - * Copyright 2012 - 2020 Anton Tananaev (anton@traccar.org) + * Copyright 2012 - 2021 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -136,6 +136,7 @@ public class WebServer { private void initWebApp(Config config, ServletContextHandler servletHandler) { ServletHolder servletHolder = new ServletHolder(DefaultServlet.class); servletHolder.setInitParameter("resourceBase", new File(config.getString(Keys.WEB_PATH)).getAbsolutePath()); + servletHolder.setInitParameter("dirAllowed", "false"); if (config.getBoolean(Keys.WEB_DEBUG)) { servletHandler.setWelcomeFiles(new String[] {"debug.html", "index.html"}); } else { -- cgit v1.2.3