Is there a way to prevent logged in users from accessing .jsps by typing in .htm? Logged in users, which do have proper privilege to view the form are able to access .jsps by typing .htm. My understanding that .jsps located within the WEB-INF folder should not be manually accessible. However, module .jsps are placed in \WEB-INF\view\module\moduleName. I am able to manually navigate to all pages in this folder even though I do not intend for this to be the case. In our case, very few of our pages should be accessible directly by the user.
It seems bad to allow users to directly access .jsps that aren’t intended to be accessed manually. For example, we have many pages that are used as “include” .jsps similar to the openmrs include.jsp or header.jsp. Also, many of our pages require a specific workflow and pages should not be able to be accessed out of order.
@david5780 can you create a ticket,but i think many of them are being replaced with gsp templates (in uiframework)and plain html interpolated with Angular , React scripts and others.I thing unless a user is a dev or too curious, normal users have little if any interest in what goes on behind the server curtain…
just saying… But hey you can file a Ticket for that.
just saying… But hey you can file a Ticket for that.