404 for hidden files to not revleal their existence.

This commit is contained in:
Brian E. Granger 2014-02-05 15:38:34 -08:00
parent 7ab69652ea
commit 0c794b5d2c

View File

@ -266,7 +266,7 @@ class AuthenticatedFileHandler(IPythonHandler, web.StaticFileHandler):
abs_path = super(AuthenticatedFileHandler, self).validate_absolute_path(root, absolute_path)
abs_root = os.path.abspath(root)
if is_hidden(abs_root, abs_path):
raise web.HTTPError(403)
raise web.HTTPError(404)
return abs_path