mattip
commented
1 year ago I don't see this anymore. It may have been something github pages did? Closing, please reopen or open a new issue if there are more problems.
Closed ghost closed 1 year ago
mattip
commented
1 year ago I don't see this anymore. It may have been something github pages did? Closing, please reopen or open a new issue if there are more problems.
Describe the problem https://www.pypy.org/ has an exposed .git directory. While https://www.pypy.org/.git is 403, https://www.pypy.org/.git/HEAD , https://www.pypy.org/.git/config and similar work, so it is possible to get most of the repository. While it is not dangerous in case of PyPy (since the repository is public anyway), I don't think that it should be exposed.
To Reproduce Steps to reproduce the behavior:
Expected behavior Disallowed access to all files and subfolders of the /.git directory