PlugStaticLs

Directory Index for Plug/Phoenix Static Assets

This module is still experimental

More thorough testing on directory traversal prevention is required. Use at your own risk.

WARNING: inherent vulnerability regarding directory listing

Providing directory listing may reveal following vulnerabilities:

• Contents of unintended files left in the directory

Do not provide directory listing unless you are 100% sure about the contents in the directory.

Installation

If available in Hex, the package can be installed as:

1. Add plug_static_ls to your list of dependencies in mix.exs:

```elixir
def deps do
  [{:plug_static_ls, "~> 0.1.0"}]
end
```

1. Ensure plug_static_ls is started before your application:

```elixir
def application do
  [applications: [:plug_static_ls]]
end
```

Prerequisites

The filename locale of the Erlang VM must be explicitly specified to UTF-8. See Erlang's erl +fnu option description for the details.

Note: Elixir assumes UTF-8 usage on the filenames and internal strings.

Usage

Add PlugStaticLsafterPlug.Static in endpoint.ex

plug Plug.Static, at: "/", from: :my_app
plug PlugStaticLs, at: "/", from: :my_app, only: ~w(with_listing)

License

Apache License 2

Acknowledment

The basic skeleton of this package is derived from static.ex aka Plug.Static module of the Plug repository.

The directory listing page design is derived from Yaws Web Server.