GWT's compilation-mappings file publicly available
During a security audit I came across this file on a web server. It is publicly available to unauthenticated users. After doing some research (this URL proved very useful: "What are those cache.js and compilation-mappings files") I can't seem to find my answer anywhere:
Should this file be available to the public? Does it present a security risk?
Or, on the other hand, does it have to be publicly available to work out what browser is interacting with the web server?
Thanks
gwt
asked Nov 16 '18 at 16:33
willem_tee
111
1 Answer
1
The compilation-mappings file contains the exact same information as the *.nocache.js file. It poses no security risk (otherwise, rest assured that it would be produced in another directory).
Google uses it to replace the *.nocache.js and do the script selection on the server (with a custom GWT linker and a custom servlet). But it is not used by "standard" GWT setups, so you can safely delete or block it if you'd rather not expose it.
Thanks Thomas, much appreciated - it's all I was asking. Gave you points-up but don't have enough "reputation" for it to show.
– willem_tee
Nov 16 '18 at 21:49
answered Nov 16 '18 at 18:06
Thomas Broyer
62.1k678151
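One way to act on the "delete or block it" advice at deploy time, as an added example that is not part of the original answer. It assumes the file is named compilation-mappings.txt and sits in the GWT module directory beside the module's *.nocache.js; the function name prune_gwt_mappings is hypothetical.

```shell
#!/bin/sh
# Added example: strip GWT's compilation-mappings.txt from a deployed webroot.
# Assumption: the file is named compilation-mappings.txt and lives in the
# module directory next to <module>.nocache.js (standard GWT linker output).
#
# Usage:  prune_gwt_mappings /path/to/webroot --dry-run   # list only
#         prune_gwt_mappings /path/to/webroot             # list and delete

# prune_gwt_mappings DIR [--dry-run]
# Prints each matching path; deletes it unless --dry-run is given.
# Returns 0 on success, 2 if DIR is not a directory.
prune_gwt_mappings() {
    root=$1
    mode=${2:-}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    find "$root" -type f -name 'compilation-mappings.txt' |
    while IFS= read -r f; do
        dir=$(dirname "$f")
        # Only touch the file when the directory really is a GWT module
        # directory, i.e. it also holds a *.nocache.js bootstrap script.
        # Unrelated files that merely share the name are left alone.
        set -- "$dir"/*.nocache.js
        [ -e "$1" ] || continue
        echo "$f"
        [ "$mode" = "--dry-run" ] || rm -f -- "$f"
    done
}
```

Running it with --dry-run first shows which module directories expose the file before anything is removed.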