
How to keep from being able to browse the appconfig.json #3625


joe704la created

I noticed you are able to browse the Angular app's appconfig.json file. If you browse the file like this, /assets/appconfig.json, you are able to browse it. For example, to test this theory on one of your test sites, I created a demo, http://test-41234.demo.aspnetzero.com/assets/appconfig.json, and was able to browse it.

Any way on IIS to block this? I tried adding it as a hidden segment, but that actually kept the site from working altogether.

Any help would be a great help.


5 Answer(s)
  • ismcagdas created
    Support Team

    Hi @joe704la,

    I don't know how to do this but maybe someone else can help you.

    Thanks.

  • joe704la created

    Okay, seems like a security risk to me.

  • ismcagdas created
    Support Team

    Hi @joe704la,

    Can you create an issue on the AspNet Zero GitHub repository? We will try to work on this.

    Thanks.

  • joe704la created

    @ismcagdas just created one here: https://github.com/aspnetzero/aspnet-zero-core/issues/349

    Thank you

  • ismcagdas created
    Support Team

    Thanks, we will work on that.