Closed macterra closed 9 years ago
The WikiStatic class is derived from Configurable but I ended up using Git.absPath() to find the root wiki directory. I decided to leave it in case we want to make it configurable in the future (for example, excluding other file types in addition to markdown files).
Hey, good, thanks! I'll take a moment on the weekend and test it locally to see if I find any problems.
For the Configurable, I'd say that if you're not using it you can remove it.
Instead of excluding the .md files from being served, what about using a white list of extensions that we want to serve? I know that it could be prone to errors, but I am not super comfortable about serving anything from the document directory... maybe people are also putting some other files in it and not only .md and assets... we could expose Jingo to some security issues.
What do you think?
Agreed, a whitelist would be better for security reasons. I'm thinking the whitelist should be configurable so I'll leave that part in. Should I submit a new PR when it is ready?
Just continue to work on your local branch and then commit and push to your remote (your fork). This PR will be automatically updated :)
I added a new configuration parameter, application.staticWhitelist, which is a comma-separated list of regular expressions.
Looks good to me now :)
I am about to finish the GitHub login integration, so I will ship both features with the same version.
Do you mind if I add your name (or whatever you want) to the AUTHORS file? I'll add a "Noteworthy contributors" section to it.
I would be flattered to be included, thanks!
Uses the node-ecstatic middleware to serve static files (images, PDFs, etc.) from the wiki directory. Markdown files (.md extension) are excluded so that wiki source is not exposed to client browsers.
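
The whitelist check the thread settles on (application.staticWhitelist as a comma-separated list of regular expressions), sketched as an added example that is not Jingo's code or part of this PR. The function names and the sample whitelist value are assumptions; only the parameter name and its format come from the discussion above.

```javascript
// Added example, not Jingo's implementation. compileWhitelist, isServable and
// the sample setting are hypothetical; the format (comma-separated regular
// expressions) is the one described in the thread.

// Compile the setting into anchored, case-insensitive regexes.
// Anchoring matters: an unanchored "\.png" would also match "notes.png.md".
// An invalid pattern throws here, so a bad config fails at startup, not open.
// Caveat of the format: a pattern containing a comma (e.g. "{1,3}") is split.
function compileWhitelist(setting) {
  return String(setting || '')
    .split(',')
    .map((s) => s.trim())
    .filter((s) => s.length > 0)
    .map((s) => new RegExp('^(?:' + s + ')$', 'i'));
}

// Decide whether a request path may be served from the wiki directory.
// Default-deny: anything the whitelist does not match is refused.
function isServable(requestPath, whitelist) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch (e) {
    return false; // malformed percent-encoding
  }
  if (decoded.includes('\0') || decoded.includes('\\')) return false;
  const segments = decoded.split('/').filter((s) => s.length > 0);
  if (segments.length === 0) return false;
  // Refuse ".." and hidden entries (for a Git-backed wiki directory, .git).
  if (segments.some((s) => s.startsWith('.'))) return false;
  // Match the whitelist against the file name only.
  return whitelist.some((re) => re.test(segments[segments.length - 1]));
}

// Constructed sample value for application.staticWhitelist.
const sampleWhitelist = compileWhitelist('.*\\.png, .*\\.jpe?g, .*\\.pdf');
```

With an empty or missing setting the compiled list is empty and nothing is served, which is the safe default for a directory that may hold more than wiki pages and assets.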