Return 404 if folder is accessed

Fixes #19
xp-forge · Apr 11, 2021 · eea47b3 · eea47b3
1 parent 9c0d554
commit eea47b3
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -3,6 +3,10 @@ Web frontends change log
 
 ## ?.?.? / ????-??-??
 
+## 3.0.1 / 2021-04-11
+
+* Fixed issue #19: Raise 404 if folder is accessed - @thekid
+
 ## 3.0.0 / 2021-04-10
 
 * Removed deprecated *ClassesIn* replaced by `web.frontend.HandlersIn`

diff --git a/src/main/php/web/frontend/AssetsFrom.class.php b/src/main/php/web/frontend/AssetsFrom.class.php
@@ -71,7 +71,7 @@ public function handle($request, $response) {
     // Check all variants in Accept-Encoding, including `*`
     foreach (self::accepted($request->header('Accept-Encoding', '')) as $encoding => $q) {
       $target= new Path($base, $path.(self::EXTENSIONS[$encoding] ?? '*'));
-      if ($target->exists()) {
+      if ($target->exists() && $target->isFile()) {
         $response->header('Vary', 'Accept-Encoding');
         '*' === $encoding || $response->header('Content-Encoding', $encoding);
 

diff --git a/src/test/php/web/frontend/unittest/AssetsFromTest.class.php b/src/test/php/web/frontend/unittest/AssetsFromTest.class.php
@@ -151,6 +151,13 @@ public function returns_error_when_file_is_not_found() {
     Assert::equals(404, $res->status());
   }
 
+  #[Test]
+  public function returns_error_when_folder_is_accessed() {
+    $res= $this->serve(new AssetsFrom($this->folderWith([])), '/');
+
+    Assert::equals(404, $res->status());
+  }
+
   #[Test, Values([['fixture.css.gz', 'gzip'], ['fixture.css.br', 'br'], ['fixture.css.dfl', 'deflate'], ['fixture.css.bz2', 'bzip2']])]
   public function serves_compressed_when_gz_file_present($file, $encoding) {
     $files= [$file => self::COMPRESSED];