GWT's compilation-mappings file publicly available












2














During a security audit I came across this file in a web server. It is publicly available for unauthenticated users. After doing some research (this url proved very useful What are those cache.js and compilation-mappings files) I can't seem to find my answer anywhere:



Should this file be available for the public? Does it present a security risk?
Or on the other hand it has to be publicly available to work out what browser is interacting with the web server?



Thanks






gwt







share|improve this question



























    2














    During a security audit I came across this file in a web server. It is publicly available for unauthenticated users. After doing some research (this url proved very useful What are those cache.js and compilation-mappings files) I can't seem to find my answer anywhere:



    Should this file be available for the public? Does it present a security risk?
    Or on the other hand it has to be publicly available to work out what browser is interacting with the web server?



    Thanks






    gwt







    share|improve this question

























      2












      2








      2







      During a security audit I came across this file in a web server. It is publicly available for unauthenticated users. After doing some research (this url proved very useful What are those cache.js and compilation-mappings files) I can't seem to find my answer anywhere:



      Should this file be available for the public? Does it present a security risk?
      Or on the other hand it has to be publicly available to work out what browser is interacting with the web server?



      Thanks






      gwt







      share|improve this question













      During a security audit I came across this file in a web server. It is publicly available for unauthenticated users. After doing some research (this url proved very useful What are those cache.js and compilation-mappings files) I can't seem to find my answer anywhere:



      Should this file be available for the public? Does it present a security risk?
      Or on the other hand it has to be publicly available to work out what browser is interacting with the web server?



      Thanks






      gwt




      gwt






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 16 '18 at 16:33









      willem_tee

      111




      111
























          1 Answer
          1






          active

          oldest

          votes


















          2














          The compilation-mappings file contains the exact same information as the *.nocache.js file. It poses no security risk (otherwise, rest assured that it would be produced in another directory).



          Google uses it to replace the *.nocache.js and do the script selection on the server (with a custom GWT linker and a custom servlet). But it is not used by "standard" GWT setups, so you can safely delete or block it if you'd rather not expose it.






          share|improve this answer





















          • Thanks Thomas, much appreciated - it's all I was asking. Gave you points-up but don't have enough "reputation" for it to show.
            – willem_tee
            Nov 16 '18 at 21:49











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53341944%2fgwts-compilation-mappings-file-publicly-available%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          2














          The compilation-mappings file contains the exact same information as the *.nocache.js file. It poses no security risk (otherwise, rest assured that it would be produced in another directory).



          Google uses it to replace the *.nocache.js and do the script selection on the server (with a custom GWT linker and a custom servlet). But it is not used by "standard" GWT setups, so you can safely delete or block it if you'd rather not expose it.






          share|improve this answer





















          • Thanks Thomas, much appreciated - it's all I was asking. Gave you points-up but don't have enough "reputation" for it to show.
            – willem_tee
            Nov 16 '18 at 21:49
















          2














          The compilation-mappings file contains the exact same information as the *.nocache.js file. It poses no security risk (otherwise, rest assured that it would be produced in another directory).



          Google uses it to replace the *.nocache.js and do the script selection on the server (with a custom GWT linker and a custom servlet). But it is not used by "standard" GWT setups, so you can safely delete or block it if you'd rather not expose it.






          share|improve this answer





















          • Thanks Thomas, much appreciated - it's all I was asking. Gave you points-up but don't have enough "reputation" for it to show.
            – willem_tee
            Nov 16 '18 at 21:49














          2












          2








          2






          The compilation-mappings file contains the exact same information as the *.nocache.js file. It poses no security risk (otherwise, rest assured that it would be produced in another directory).



          Google uses it to replace the *.nocache.js and do the script selection on the server (with a custom GWT linker and a custom servlet). But it is not used by "standard" GWT setups, so you can safely delete or block it if you'd rather not expose it.






          share|improve this answer












          The compilation-mappings file contains the exact same information as the *.nocache.js file. It poses no security risk (otherwise, rest assured that it would be produced in another directory).



          Google uses it to replace the *.nocache.js and do the script selection on the server (with a custom GWT linker and a custom servlet). But it is not used by "standard" GWT setups, so you can safely delete or block it if you'd rather not expose it.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 16 '18 at 18:06









          Thomas Broyer

          62.1k678151




          62.1k678151












          • Thanks Thomas, much appreciated - it's all I was asking. Gave you points-up but don't have enough "reputation" for it to show.
            – willem_tee
            Nov 16 '18 at 21:49


















          • Thanks Thomas, much appreciated - it's all I was asking. Gave you points-up but don't have enough "reputation" for it to show.
            – willem_tee
            Nov 16 '18 at 21:49
















          Thanks Thomas, much appreciated - it's all I was asking. Gave you points-up but don't have enough "reputation" for it to show.
          – willem_tee
          Nov 16 '18 at 21:49




          Thanks Thomas, much appreciated - it's all I was asking. Gave you points-up but don't have enough "reputation" for it to show.
          – willem_tee
          Nov 16 '18 at 21:49


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53341944%2fgwts-compilation-mappings-file-publicly-available%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Biblatex bibliography style without URLs when DOI exists (in Overleaf with Zotero bibliography)

          Image
          2 2 I have a Zotero bibliography in Overleaf. I use biblatex . usepackage[backend=biber,citestyle=authoryear]{biblatex} addbibresource{zoteroALH.bib} Bibliography entries look like: @book{de_saint-gervais_uniformization_2016, title = {Uniformization of {Riemann} {Surfaces}}, isbn = {978-3-03719-145-3}, url = {https://www.ems-ph.org/books/book.php?proj_nr=198&srch=series%7Chem}, urldate = {2019-02-03}, author = {de Saint-Gervais, Paul Henri}, year = {2016}, doi = {10.4171/145} } In the bibliography down the paper the reference shows like this: There is the DOI, great, but also the URL which is unnecessary when the DOI is there. How can I remove the URL when the DOI is present? biblatex bibliographies overleaf zote
          Read more

          ComboBox Display Member on multiple fields

          Image
          2 I'm trying to set the .DisplayMember property of a ComboBox in C#, but I want to bind it to multiple columns in the .DataSouce . My SQL looks like this: SELECT PersNbr, PersFirstName, PersMiddleName, PersLastName FROM Pers WHERE PersNbr = :persNbr; I'm saving this query in a DataTable so each column selected has it's own column in the Datatable . I want to make the .DisplayMember a combination of PersFirstName + PersMiddleName + PersLastName so their full name appears like this: comboBox.DisplayMemeber = "PersFirstName" + "PersMiddleName" + "PersLastName" I know I can just to this on the query: SELECT PersNbr, (PersFirstName || PersMiddleName || PersLastName) PersName and then just do this: comboBox.DisplayMember = "PersName"; but I
          Read more

          Is it possible to collect Nectar points via Trainline?

          Image
          2 Since I am not eligible for any Railcard, the only available discount/bonus scheme is Nectar Card for me. GWR, SWR, LNER and Virgin Trains allow to collect Nectar points and I have already linked a card to my GWR account. A friend suggested me to use Trainline App, because it can search for bus tickets either. I had a look at the application, but could not see any option for Nectar. Is there a way to collect Nectar points when I buy tickets via Trainline? uk trains loyalty-programs trainline share | improve this question asked Dec 2 '18 at 15:50 ahmedus 3,224 5 19 49
          Read more