Important Notice - Forums is archived
To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
Hello, some directories would reveal app information?
When accessing this links in the browser I get this, In my company we are very concerned about those links that lead to nothing.
https://demo.vaadin.com/dashboard/UIDL/?v-uiId=2

I really want to know if those directories or the information you show could cause my application to be vulnerable
http://my-app/VAADIN/themes/valo/fonts
http://my-app/VAADIN/themes/valo/fonts/roboto
http://my-app/VAADIN/themes/valo
http://my-app/VAADIN/themes/valo/shared
http://my-app/VAADIN/themes/valo/shared/img
http://my-app/VAADIN/widgetsets/com.vaadin.DefaultWidgetSet
http://my-app/UIDL/?v-uiId=2
http://my-app/HEARTBEAT/?v-uid=0
http://my-app/HEARTBEAT/?v-uid=1
http://my-app/HEARTBEAT/?v-uiId=1
http://my-app/AAP
http://my-app/cdn-cgi
http://my-app/cdn-cgi/images
Hi,
it's really just theme information (CSS files, images, etc) and the things the application uses to communicate. Nothing that you wouldn't be able to see in the app UI anyway. The application state still stays on the server.
Best regards,
Olli
Olli Tietäväinen: Hi,
it's really just theme information (CSS files, images, etc) and the things the application uses to communicate. Nothing that you wouldn't be able to see in the app UI anyway. The application state still stays on the server.
Best regards,
Olli
Thanks,
For any examples of how I could redirect my users to a main error page?
Which would be more recommended? Because my app has VaadinCDIServlet, include springsecurity? would be good idea?