Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

How to keep from being able to browse the appconfig.json #3625


User avatar
0
joe704la created

I noticed you are able to browse the angular app appconfig.json file. If you browse the file like this /assets/appconfig.json you are able to browse it. For example to test this theory on one of your test sites I create a demo <a class="postlink" href="http://test-41234.demo.aspnetzero.com/assets/appconfig.json">http://test-41234.demo.aspnetzero.com/a ... onfig.json</a> and was able to browse it.

Any way on IIS to block this? I tried adding it as a hidden segment but that actually kept the site from working all together.

Any help would be a great help.


5 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @joe704la,

    I don't know how to do this but maybe someone else can help you.

    Thanks.

  • User Avatar
    0
    joe704la created

    Okay, seems like a security risk to me.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @joe704la,

    Can you create an issue on AspNet Zero github repository and we will try to work on this.

    Thanks.

  • User Avatar
    0
    joe704la created

    @ismcagdas just created one here <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero-core/issues/349">https://github.com/aspnetzero/aspnet-ze ... issues/349</a>

    Thank you

  • User Avatar
    0
    ismcagdas created
    Support Team

    Thanks, we will work on that.