summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--changelog.d/15438.misc1
-rw-r--r--synapse/http/server.py10
2 files changed, 11 insertions, 0 deletions
diff --git a/changelog.d/15438.misc b/changelog.d/15438.misc
new file mode 100644
index 0000000000..1edcbac7e2
--- /dev/null
+++ b/changelog.d/15438.misc
@@ -0,0 +1 @@
+Disable directory listing for static resources in `/_matrix/static/`.
\ No newline at end of file
diff --git a/synapse/http/server.py b/synapse/http/server.py
index 7b760505b2..101dc2e747 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -46,6 +46,13 @@ from twisted.internet import defer, interfaces
 from twisted.internet.defer import CancelledError
 from twisted.python import failure
 from twisted.web import resource
+
+try:
+    from twisted.web.pages import notFound
+except ImportError:
+    from twisted.web.resource import NoResource as notFound  # type: ignore[assignment]
+
+from twisted.web.resource import IResource
 from twisted.web.server import NOT_DONE_YET, Request
 from twisted.web.static import File
 from twisted.web.util import redirectTo
@@ -569,6 +576,9 @@ class StaticResource(File):
         set_clickjacking_protection_headers(request)
         return super().render_GET(request)
 
+    def directoryListing(self) -> IResource:
+        return notFound()
+
 
 class UnrecognizedRequestResource(resource.Resource):
     """
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-01 10:37:02 +0000