diff options
author | Anna Koskinen <Ansku@users.noreply.github.com> | 2021-06-15 16:28:13 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-15 16:28:13 +0300 |
commit | ba02350206ef25f6c29618f3cf7458f43543f3e8 (patch) | |
tree | 0cbc726ac5b0ebccb2b249646357bf9aa694d32e /server/src/main/java/com/vaadin | |
parent | 803886af25433df067d4bb9f104408322ffe3977 (diff) | |
download | vaadin-framework-ba02350206ef25f6c29618f3cf7458f43543f3e8.tar.gz vaadin-framework-ba02350206ef25f6c29618f3cf7458f43543f3e8.zip |
fix: add JavaDoc warning to avoid using ResponseWriter for directories (#12324)
* fix: add JavaDoc warning to avoid using ResponseWriter for directories
Cherry-picked from: https://github.com/vaadin/flow/pull/11112
Diffstat (limited to 'server/src/main/java/com/vaadin')
-rw-r--r-- | server/src/main/java/com/vaadin/server/VaadinServlet.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/server/src/main/java/com/vaadin/server/VaadinServlet.java b/server/src/main/java/com/vaadin/server/VaadinServlet.java index fc8aaeaac2..58320ecb0a 100644 --- a/server/src/main/java/com/vaadin/server/VaadinServlet.java +++ b/server/src/main/java/com/vaadin/server/VaadinServlet.java @@ -943,6 +943,13 @@ public class VaadinServlet extends HttpServlet implements Constants { /** * Writes the contents of the given resourceUrl in the response. Can be * overridden to add/modify response headers and similar. + * <p> + * WARNING: note that this should not be used for a {@code resourceUrl} that + * represents a directory! For security reasons, the directory contents + * should not be ever written into the {@code response}, and the + * implementation which is used for setting the content length relies on + * {@link URLConnection#getContentLength()} method which returns incorrect + * values for directories. * * @param request * The request for the resource |