Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

restrictions #821

Closed
aspnet-hello opened this issue Jan 1, 2018 · 2 comments
Closed

restrictions #821

aspnet-hello opened this issue Jan 1, 2018 · 2 comments

Comments

@aspnet-hello
Copy link

From @dazinator on Thursday, November 24, 2016 5:34:06 PM

Its interesting to read #232 #213 #186 where basically the comments from the team seem to indicate an intention to bake in security restrictions (such as ignoring files that start with ".") to make particular files invisible.

Seems backwards to me. It seems these decisions may be taken purely because one use case for a provider is to automatically serve up content from a webroot directory to the browser.

However this is not the sole use case. The environment also has a content root file provider. Also the fileprovider does not appear to be tied to asp.net web app necessarily, and could be used from console apps. When a developer wants to read a file, how do you know their use case isn't to read a file that is hidden or starts with a dot?

It seems to me that the consequences of setting a physical file provider to serve a webroot folder should be understood by develoers i e every file in that folder is serveable.

If it's not desirable to serve certain files wouldn't middleware be the best place to stop that - not the file provider itself?

Just thought I'd chime in with my opinion - because after all, this is github :-)

Copied from original issue: aspnet/FileSystem#247
natemcmaster referenced this issue in dotnet/aspnetcore Nov 14, 2018
@halter73
[2.1.3] Consistently handle connection aborts (#2619)
ac31e5a 
* Decouple connection objects from the server (#2535)

- Making progress towards being able to use the connection objects on the client side.

* Wait for input writer to complete before calling OnConnectionClosed (#2566)

* Wait for the ConnectionClosed token to stop tracking connections (#2574)

- The prior strategy of waiting for the pipe completed callbacks doesn't work
  because blocks are returned to the memory pool after the callbacks are fired.

* Consistently handle connection resets (#2547)

* Provide better connection abort exceptions and logs

* void IConnectionDispatcher.OnConnection
natemcmaster referenced this issue in dotnet/aspnetcore Nov 15, 2018
@halter73
Consistently handle connection resets (#2547)
a9d6cf1
ryanbrandenburg referenced this issue in dotnet/aspnetcore Nov 27, 2018
@ajaybhargavb
Merge pull request #2547 from dotnet-maestro-bot/merge/release/2.2-to…
200b1aa 
…-master

[automated] Merge branch 'release/2.2' => 'master'
@aspnet-hello aspnet-hello transferred this issue from dotnet/aspnetcore Dec 20, 2018
@aspnet-hello aspnet-hello added this to the Backlog milestone Dec 20, 2018
@dazinator
Copy link

fyi This issue has been transferred and now the linked issues in its description don't tie up to their original location

@dazinator dazinator mentioned this issue Dec 20, 2018
Closed
@aspnet-hello
Copy link
Author

Thanks for your feedback. We appreciate your letting us know about the problem you've encountered or suggestion but we are not planning to take further action on this issue because our focus has been on issues with significantly higher customer interest and issues impacting a broad number of customers.

@aspnet-hello aspnet-hello removed this from the Backlog milestone Feb 5, 2019
@dotnet dotnet locked and limited conversation to collaborators Feb 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Eilon @dazinator @aspnet-hello