🐛 Bug Report: Static directory listing is publicly accessible at /static/ #8981

@nayanika98

📜 Description

When deploying Novu, the /static/ endpoint exposes directory listings.
This allows anyone to see internal folder structures and files, which is a security risk.

👟 Reproduction steps

  1. Deploy Novu (self-hosted).
  2. Open the browser and navigate to: https:///static/
  3. Observe that the directory contents are listed.

👍 Expected behavior

Navigating to /static/ should not expose directory listings.
Instead, it should either:

  • Return 403 Forbidden, or
  • Show a blank index page, serving only required static assets.

👎 Actual Behavior with Screenshots

Visiting /static/ displays the directory listing of files/folders.
This exposes internal structure and could potentially leak sensitive files.

Novu version

2.0.0

npm version

No response

node version

No response

📃 Provide any additional context for the Bug.

No response

👀 Have you spent some time to check if this bug has been raised before?

  • I checked and didn't find a similar issue

🏢 Have you read the Contributing Guidelines?

Are you willing to submit PR?

None
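
A regression check for the expected behavior described in this report, as an added example that is not part of the original issue or of Novu's code. The function names, the list of auto-index title markers, and the sample response bodies are assumptions constructed for illustration; `baseUrl` is whatever host the deployment runs on.

```javascript
// Added example (not Novu code): classify the response to GET /static/.
// Title markers are heuristics for common auto-index pages (assumed list):
// Apache/nginx "Index of", Python http.server "Directory listing for",
// Express serve-index "listing directory".
const LISTING_TITLE = /<title>\s*(index of|directory listing for|listing directory)\b/i;

// Extract every href value from anchor tags in an HTML body.
function hrefs(body) {
  return [...body.matchAll(/<a\s[^>]*href\s*=\s*["']([^"']*)["']/gi)].map(m => m[1]);
}

// Returns "forbidden" (403), "listing-exposed", "no-listing" (200 without
// an index), or "other" for any status the report does not discuss.
function classifyStaticResponse({ status, body = "" }) {
  if (status === 403) return "forbidden";
  if (status !== 200) return "other";
  const links = hrefs(body);
  // Fallback for untitled listings: a parent-directory link plus at least
  // one relative entry (no scheme, no leading "/", "#", "?" or "..").
  const hasParent = links.some(h => h === "../" || h === "..");
  const entries = links.filter(h => !/^([a-z][a-z0-9+.-]*:|\/|#|\?|\.\.)/i.test(h));
  if (LISTING_TITLE.test(body) || (hasParent && entries.length > 0)) {
    return "listing-exposed";
  }
  return "no-listing";
}

// Live check against a deployment you operate (uses global fetch, Node 18+).
async function checkStaticListing(baseUrl) {
  const res = await fetch(new URL("/static/", baseUrl));
  return classifyStaticResponse({ status: res.status, body: await res.text() });
}

// Constructed sample bodies, not captured from a real deployment.
const SAMPLE_LISTING = `<html><head><title>Index of /static/</title></head><body>
<h1>Index of /static/</h1><pre><a href="../">../</a>
<a href="css/">css/</a>
<a href="app.js">app.js</a></pre></body></html>`;
const SAMPLE_UNTITLED =
  `<ul><li><a href="..">..</a></li><li><a href="images/">images/</a></li></ul>`;
const SAMPLE_BLANK =
  `<!doctype html><html><head><title></title></head><body></body></html>`;
```

Run `checkStaticListing` from a deployment smoke test and fail the build on `"listing-exposed"`; both `"forbidden"` and `"no-listing"` match the expected behavior listed above.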
