aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnna Koskinen <Ansku@users.noreply.github.com>2021-07-05 12:32:11 +0300
committerGitHub <noreply@github.com>2021-07-05 12:32:11 +0300
commit0259a37c441eb1faa32c75fa4fdd56d5627cc20f (patch)
treee41f2ac1c4ea84e12195d4936041f0110648a41c
parentaceb8371a71c9bc9582084acca4e30c9e2063ec6 (diff)
downloadvaadin-framework-0259a37c441eb1faa32c75fa4fdd56d5627cc20f.tar.gz
vaadin-framework-0259a37c441eb1faa32c75fa4fdd56d5627cc20f.zip
fix: add JavaDoc warning to avoid using ResponseWriter for directories (#12337)
* fix: add JavaDoc warning to avoid using ResponseWriter for directories (#12324) Cherry-picked from: https://github.com/vaadin/flow/pull/11112
Diffstat
-rw-r--r--server/src/main/java/com/vaadin/server/VaadinServlet.java7
1 files changed, 7 insertions, 0 deletions
diff --git a/server/src/main/java/com/vaadin/server/VaadinServlet.java b/server/src/main/java/com/vaadin/server/VaadinServlet.java
index fc8aaeaac2..58320ecb0a 100644
--- a/server/src/main/java/com/vaadin/server/VaadinServlet.java
+++ b/server/src/main/java/com/vaadin/server/VaadinServlet.java
@@ -943,6 +943,13 @@ public class VaadinServlet extends HttpServlet implements Constants {
/**
* Writes the contents of the given resourceUrl in the response. Can be
* overridden to add/modify response headers and similar.
+ * <p>
+ * WARNING: note that this should not be used for a {@code resourceUrl} that
+ * represents a directory! For security reasons, the directory contents
+ * should not be ever written into the {@code response}, and the
+ * implementation which is used for setting the content length relies on
+ * {@link URLConnection#getContentLength()} method which returns incorrect
+ * values for directories.
*
* @param request
* The request for the resource
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-30 20:05:27 +0000