diff --git a/evennia/server/server.py b/evennia/server/server.py index 8b269674f0..ba9df8add6 100644 --- a/evennia/server/server.py +++ b/evennia/server/server.py @@ -546,7 +546,7 @@ if WEBSERVER_ENABLED: # Start a django-compatible webserver. - from evennia.server.webserver import DjangoWebRoot, WSGIWebServer, Website, LockableThreadPool + from evennia.server.webserver import DjangoWebRoot, WSGIWebServer, Website, LockableThreadPool, PrivateStaticRoot # start a thread pool and define the root url (/) as a wsgi resource # recognized by Django @@ -555,9 +555,9 @@ if WEBSERVER_ENABLED: web_root = DjangoWebRoot(threads) # point our media resources to url /media - web_root.putChild(b"media", static.File(settings.MEDIA_ROOT)) + web_root.putChild(b"media", PrivateStaticRoot(settings.MEDIA_ROOT)) # point our static resources to url /static - web_root.putChild(b"static", static.File(settings.STATIC_ROOT)) + web_root.putChild(b"static", PrivateStaticRoot(settings.STATIC_ROOT)) EVENNIA.web_root = web_root if WEB_PLUGINS_MODULE: diff --git a/evennia/server/webserver.py b/evennia/server/webserver.py index 884daabfe7..4a8ff58ed5 100644 --- a/evennia/server/webserver.py +++ b/evennia/server/webserver.py @@ -14,7 +14,7 @@ a great example/aid on how to do this.) """ import urllib.parse from urllib.parse import quote as urlquote -from twisted.web import resource, http, server +from twisted.web import resource, http, server, static from twisted.internet import reactor from twisted.application import internet from twisted.web.proxy import ReverseProxyResource @@ -268,3 +268,14 @@ class WSGIWebServer(internet.TCPServer): """ super().stopService() self.pool.stop() + + +class PrivateStaticRoot(static.File): + """ + This overrides the default static file resource so as to not make the + directory listings public (that is, if you go to /media or /static you + won't see an index of all static/media files on the server). + + """ + def directoryListing(self): + return resource.ForbiddenResource()