Is there a way to prevent users from accessing .jsps by manually typing the url

Is there a way to prevent logged in users from accessing .jsps by typing in .htm? Logged in users, which do have proper privilege to view the form are able to access .jsps by typing .htm. My understanding that .jsps located within the WEB-INF folder should not be manually accessible. However, module .jsps are placed in \WEB-INF\view\module\moduleName. I am able to manually navigate to all pages in this folder even though I do not intend for this to be the case. In our case, very few of our pages should be accessible directly by the user.

Example below: https://host/openmrs/module/moduleName/jspName.htm

@david5780 why do you want this?

It seems bad to allow users to directly access .jsps that aren’t intended to be accessed manually. For example, we have many pages that are used as “include” .jsps similar to the openmrs include.jsp or header.jsp. Also, many of our pages require a specific workflow and pages should not be able to be accessed out of order.

@david5780 can you create a ticket,but i think many of them are being replaced with gsp templates (in uiframework)and plain html interpolated with Angular , React scripts and others.I thing unless a user is a dev or too curious, normal users have little if any interest in what goes on behind the server curtain…

:grinning: just saying… But hey you can file a Ticket for that.

I am more concerned about those who may be too curious :slight_smile:

Create a Ticket for that.

Thanks! I created

@david5780 the Issue is it Refapp or OpenMRS Core… Refapp we place them under RA.

and Platform issues under TRUNK.And it would be prudent if you included Screenshots