Closed macterra closed 9 years ago
macterra
commented
9 years ago The WikiStatic class is derived from Configurable but I ended up using Git.absPath() to find the root wiki directory. I decided to leave it in case we want to make it configurable in the future (for example, excluding other file types in addition to markdown files).
claudioc
commented
9 years ago Ehi, good thanks! I'll take a moment in the week end and test it locally to see if I find any problems.
For the Configurable, I'd say that if you're not using it you can remove it.
Instead of excluding the .md files from being served, what about using a white list of extensions that we want to serve? I know that it could be prone to errors, but I am not super comfortable about serving anything from the document directory... maybe people are putting also some other files in it and not only .md and assets... we could expose Jingo to some security issues.
What do you think?
macterra
commented
9 years ago Agreed, a whitelist would be better for security reasons. I'm thinking the whitelist should be configurable so I'll leave that part in. Should I submit a new PR when it is ready?
claudioc
commented
9 years ago Just continue to work on your local branch and then commit and push to your remote (your fork). This PR will be automatically updated :)
macterra
commented
9 years ago I added a new configuration parameter, application.staticWhitelist, which is a comma-separated list of regular expressions.
claudioc
commented
9 years ago Looks good to me now :)
I am about to finish the Github login integration, so I will ship both features with the same version.
Do you mind if I add your name (or whatever you want) to the AUTHORS file? I'll add a "Noteworthy contributors" section to it.
macterra
commented
9 years ago I would be flattered to be included, thanks!
Uses the node-ecstatic middleware to serve static files (images, pdfs, etc) from the wiki directory. Markdown files (.md extension) are excluded so that wiki source is not exposed to client browsers.