steps:
expected:
my source code is still private; nothing about the interface indicated to me that deleting index.html would cause the rest of my files to become publicly visible
actual:
Deleting index.html has caused the site to render as a folder structure, which is now exposing my source code.
demo:
see https://private-project-or-is.glitch.me/ , which is private, but ‘sekrits.md’ is visible to all
Hey @jude,
I think that it is not a bug, but a feature unexpected thing thar Glitch does. (for instance, it could response a static "No Files" page which says, that a project doesn’t have any .html files/responses for ‘/’)
Hey @jude this is a really good catch; thanks for the note! It’s totally understandable that this behavior would be unexpected in the context of a private project.
I’ll take this to the rest of the team to see if we can solve this in a better, less-surprizing way!
This is something called an indexing page, it lists out the www directory. This happens when using hello-webpage. I don’t know what the container is running, but it sorta reminds me of running an Apache server. If you don’t have a default entry (index page) it’ll show you the directory listing page.
Its normal behaviour for serving static files … index.html replaces the file listing. Which files are served is unchanged.
For example, even with index.html, if someone typed in https://private-project-or-is.glitch.me/sekrits.md it would still be served.
There are configuration options for which files are served vs excluded, but its a little tricky to apply the options; its easier to use a node express server instead.