Default Folder X 5 0

Posted on  by
-->

By Rick Anderson and Kirk Larkin

Default Folder X 5.1 Default Folder X 5.0 Default Folder X 4.5 See all Default Folder X is a Finder companion that provides you with features which help you manage your files and directories a lot easier.

Static files, such as HTML, CSS, images, and JavaScript, are assets an ASP.NET Core app serves directly to clients by default.

View or download sample code (how to download)

Serve static files

  • Version 5 also runs on Yosemite, but not on earlier versions of OS X. If you turned off System Integrity Protection to use version 4 on El Capitan, you can turn it back on now. This entry was posted on Monday, January 11th, 2016 at 12:14 pm and is filed under Default Folder X, Development, El Capitan, Yosemite.
  • Default Folder X's application icon, toolbar and menu bar icons need to be updated. The icons that Default Folder X puts in the Finder toolbar don't match Big Sur's new toolbar icon style. Version 5.5b1 included these changes: Compatibility with the first developer release of macOS 11.0 Big Sur. An internal switch to prevent Default Folder X.

Static files are stored within the project's web root directory. The default directory is {content root}/wwwroot, but it can be changed with the UseWebRoot method. For more information, see Content root and Web root.

The CreateDefaultBuilder method sets the content root to the current directory:

The preceding code was created with the web app template.

Static files are accessible via a path relative to the web root. For example, the Web Application project templates contain several folders within the wwwroot folder:

  • wwwroot
    • css
    • js
    • lib

Consider creating the wwwroot/images folder and adding the wwwroot/images/MyImage.jpg file. The URI format to access a file in the images folder is https://<hostname>/images/<image_file_name>. For example, https://localhost:5001/images/MyImage.jpg

Serve files in web root

The default web app templates call the UseStaticFiles method in Startup.Configure, which enables static files to be served:

The parameterless UseStaticFiles method overload marks the files in web root as servable. The following markup references wwwroot/images/MyImage.jpg:

In the preceding code, the tilde character ~/ points to the web root.

Serve files outside of web root

Consider a directory hierarchy in which the static files to be served reside outside of the web root:

  • wwwroot
    • css
    • images
    • js
  • MyStaticFiles
    • images
      • red-rose.jpg

A request can access the red-rose.jpg file by configuring the Static File Middleware as follows:

In the preceding code, the MyStaticFiles directory hierarchy is exposed publicly via the StaticFiles URI segment. A request to https://<hostname>/StaticFiles/images/red-rose.jpg serves the red-rose.jpg file.

The following markup references MyStaticFiles/images/red-rose.jpg:

Set HTTP response headers

A StaticFileOptions object can be used to set HTTP response headers. In addition to configuring static file serving from the web root, the following code sets the Cache-Control header:

Static files are publicly cacheable for 600 seconds:

Static file authorization

The Static File Middleware doesn't provide authorization checks. Any files served by it, including those under wwwroot, are publicly accessible. To serve files based on authorization:

  • Store them outside of wwwroot and any directory accessible to the default Static File Middleware.

  • Call UseStaticFiles after UseAuthorization and specify the path:

    The preceding approach requires users to be authenticated:

    For information on how to globally require all users to be authenticated, see Require authenticated users.

An alternative approach to serve files based on authorization:

  • Store them outside of wwwroot and any directory accessible to the Static File Middleware.

  • Serve them via an action method to which authorization is applied and return a FileResult object:

Directory browsing

Directory browsing allows directory listing within specified directories.

Directory browsing is disabled by default for security reasons. For more information, see Considerations.

Enable directory browsing with:

  • AddDirectoryBrowser in Startup.ConfigureServices.
  • UseDirectoryBrowser in Startup.Configure.

The preceding code allows directory browsing of the wwwroot/images folder using the URL https://<hostname>/MyImages, with links to each file and folder:

Serve default documents

Setting a default page provides visitors a starting point on a site. To serve a default page from wwwroot without a fully qualified URI, call the UseDefaultFiles method:

UseDefaultFiles must be called before UseStaticFiles to serve the default file. UseDefaultFiles is a URL rewriter that doesn't serve the file.

With UseDefaultFiles, requests to a folder in wwwroot search for:

  • default.htm
  • default.html
  • index.htm
  • index.html

The first file found from the list is served as though the request were the fully qualified URI. The browser URL continues to reflect the URI requested.

The following code changes the default file name to mydefault.html:

The following code shows Startup.Configure with the preceding code:

UseFileServer for default documents

UseFileServer combines the functionality of UseStaticFiles, UseDefaultFiles, and optionally UseDirectoryBrowser.

Call app.UseFileServer to enable the serving of static files and the default file. Directory browsing isn't enabled. The following code shows Startup.Configure with UseFileServer:

The following code enables the serving of static files, the default file, and directory browsing:

The following code shows Startup.Configure with the preceding code:

Consider the following directory hierarchy:

  • wwwroot
    • css
    • images
    • js
  • MyStaticFiles
    • images
      • MyImage.jpg
    • default.html

The following code enables the serving of static files, the default file, and directory browsing of MyStaticFiles:

AddDirectoryBrowser must be called when the EnableDirectoryBrowsing property value is true.

Using the file hierarchy and preceding code, URLs resolve as follows:

URIResponse
https://<hostname>/StaticFiles/images/MyImage.jpgMyStaticFiles/images/MyImage.jpg
https://<hostname>/StaticFilesMyStaticFiles/default.html

If no default-named file exists in the MyStaticFiles directory, https://<hostname>/StaticFiles returns the directory listing with clickable links:

UseDefaultFiles and UseDirectoryBrowser perform a client-side redirect from the target URI without a trailing / to the target URI with a trailing /. For example, from https://<hostname>/StaticFiles to https://<hostname>/StaticFiles/. Relative URLs within the StaticFiles directory are invalid without a trailing slash (/).

FileExtensionContentTypeProvider

The FileExtensionContentTypeProvider class contains a Mappings property that serves as a mapping of file extensions to MIME content types. In the following sample, several file extensions are mapped to known MIME types. The .rtf extension is replaced, and .mp4 is removed:

The following code shows Startup.Configure with the preceding code:

See MIME content types.

Non-standard content types

The Static File Middleware understands almost 400 known file content types. If the user requests a file with an unknown file type, the Static File Middleware passes the request to the next middleware in the pipeline. If no middleware handles the request, a 404 Not Found response is returned. If directory browsing is enabled, a link to the file is displayed in a directory listing.

The following code enables serving unknown types and renders the unknown file as an image:

The following code shows Startup.Configure with the preceding code:

With the preceding code, a request for a file with an unknown content type is returned as an image.

Warning

Enabling ServeUnknownFileTypes is a security risk. It's disabled by default, and its use is discouraged. FileExtensionContentTypeProvider provides a safer alternative to serving files with non-standard extensions.

Serve files from multiple locations

UseStaticFiles and UseFileServer default to the file provider pointing at wwwroot. Additional instances of UseStaticFiles and UseFileServer can be provided with other file providers to serve files from other locations. For more information, see this GitHub issue.

Security considerations for static files

Warning

UseDirectoryBrowser and UseStaticFiles can leak secrets. Disabling directory browsing in production is highly recommended. Carefully review which directories are enabled via UseStaticFiles or UseDirectoryBrowser. The entire directory and its sub-directories become publicly accessible. Store files suitable for serving to the public in a dedicated directory, such as <content_root>/wwwroot. Separate these files from MVC views, Razor Pages, configuration files, etc.

  • The URLs for content exposed with UseDirectoryBrowser and UseStaticFiles are subject to the case sensitivity and character restrictions of the underlying file system. For example, Windows is case insensitive, but macOS and Linux aren't.

  • ASP.NET Core apps hosted in IIS use the ASP.NET Core Module to forward all requests to the app, including static file requests. The IIS static file handler isn't used and has no chance to handle requests.

  • Complete the following steps in IIS Manager to remove the IIS static file handler at the server or website level:

    1. Navigate to the Modules feature.
    2. Select StaticFileModule in the list.
    3. Click Remove in the Actions sidebar.

Warning

If the IIS static file handler is enabled and the ASP.NET Core Module is configured incorrectly, static files are served. This happens, for example, if the web.config file isn't deployed.

  • Place code files, including .cs and .cshtml, outside of the app project's web root. A logical separation is therefore created between the app's client-side content and server-based code. This prevents server-side code from being leaked.

Additional resources

By Rick Anderson and Scott Addie

Static files, such as HTML, CSS, images, and JavaScript, are assets an ASP.NET Core app serves directly to clients. Some configuration is required to enable serving of these files.

View or download sample code (how to download)

Serve static files

Static files are stored within the project's web root directory. The default directory is {content root}/wwwroot, but it can be changed via the UseWebRoot method. See Content root and Web root for more information.

The app's web host must be made aware of the content root directory.

The WebHost.CreateDefaultBuilder method sets the content root to the current directory:

Static files are accessible via a path relative to the web root. For example, the Web Application project template contains several folders within the wwwroot folder:

  • wwwroot
    • css
    • images
    • js

The URI format to access a file in the images subfolder is http://<server_address>/images/<image_file_name>. For example, http://localhost:9189/images/banner3.svg.

If targeting .NET Framework, add the Microsoft.AspNetCore.StaticFiles package to the project. If targeting .NET Core, the Microsoft.AspNetCore.App metapackage includes this package.

Configure the middleware, which enables the serving of static files.

Serve files inside of web root

Invoke the UseStaticFiles method within Startup.Configure:

The parameterless UseStaticFiles method overload marks the files in web root as servable. The following markup references wwwroot/images/banner1.svg:

In the preceding code, the tilde character ~/ points to the web root.

Serve files outside of web root

Consider a directory hierarchy in which the static files to be served reside outside of the web root:

  • wwwroot
    • css
    • images
    • js
  • MyStaticFiles
    • images
      • banner1.svg

A request can access the banner1.svg file by configuring the Static File Middleware as follows:

In the preceding code, the MyStaticFiles directory hierarchy is exposed publicly via the StaticFiles URI segment. A request to http://<server_address>/StaticFiles/images/banner1.svg serves the banner1.svg file.

The following markup references MyStaticFiles/images/banner1.svg:

Set HTTP response headers

A StaticFileOptions object can be used to set HTTP response headers. In addition to configuring static file serving from the web root, the following code sets the Cache-Control header:

If you would like to see code comments translated to languages other than English, let us know in this GitHub discussion issue.

The HeaderDictionaryExtensions.Append method exists in the Microsoft.AspNetCore.Http package.

The files have been made publicly cacheable for 10 minutes (600 seconds) in the Development environment:

Static file authorization

The Static File Middleware doesn't provide authorization checks. Any files served by it, including those under wwwroot, are publicly accessible. To serve files based on authorization:

  • Store them outside of wwwroot and any directory accessible to the Static File Middleware.

  • Serve them via an action method to which authorization is applied. Return a FileResult object:

Enable directory browsing

Directory browsing allows users of your web app to see a directory listing and files within a specified directory. Directory browsing is disabled by default for security reasons (see Considerations). Enable directory browsing by invoking the UseDirectoryBrowser method in Startup.Configure:

Add required services by invoking the AddDirectoryBrowser method from Startup.ConfigureServices:

Folder

The preceding code allows directory browsing of the wwwroot/images folder using the URL http://<server_address>/MyImages, with links to each file and folder:

See Considerations on the security risks when enabling browsing.

Note the two UseStaticFiles calls in the following example. The first call enables the serving of static files in the wwwroot folder. The second call enables directory browsing of the wwwroot/images folder using the URL http://<server_address>/MyImages:

Serve a default document

Setting a default home page provides visitors a logical starting point when visiting your site. To serve a default page without the user fully qualifying the URI, call the UseDefaultFiles method from Startup.Configure:

Important

UseDefaultFiles must be called before UseStaticFiles to serve the default file. UseDefaultFiles is a URL rewriter that doesn't actually serve the file. Enable Static File Middleware via UseStaticFiles to serve the file.

Default

With UseDefaultFiles, requests to a folder search for:

  • default.htm
  • default.html
  • index.htm
  • index.html

The first file found from the list is served as though the request were the fully qualified URI. The browser URL continues to reflect the URI requested.

The following code changes the default file name to mydefault.html:

UseFileServer

UseFileServer combines the functionality of UseStaticFiles, UseDefaultFiles, and optionally UseDirectoryBrowser.

The following code enables the serving of static files and the default file. Directory browsing isn't enabled.

The following code builds upon the parameterless overload by enabling directory browsing:

Consider the following directory hierarchy:

  • wwwroot
    • css
    • images
    • js
  • MyStaticFiles
    • images
      • banner1.svg
    • default.html

The following code enables static files, default files, and directory browsing of MyStaticFiles:

AddDirectoryBrowser must be called when the EnableDirectoryBrowsing property value is true:

Using the file hierarchy and preceding code, URLs resolve as follows:

URIResponse
http://<server_address>/StaticFiles/images/banner1.svgMyStaticFiles/images/banner1.svg
http://<server_address>/StaticFilesMyStaticFiles/default.html

If no default-named file exists in the MyStaticFiles directory, http://<server_address>/StaticFiles returns the directory listing with clickable links:

Note

UseDefaultFiles and UseDirectoryBrowser perform a client-side redirect from http://{SERVER ADDRESS}/StaticFiles (without a trailing slash) to http://{SERVER ADDRESS}/StaticFiles/ (with a trailing slash). Relative URLs within the StaticFiles directory are invalid without a trailing slash.

FileExtensionContentTypeProvider

The FileExtensionContentTypeProvider class contains a Mappings property serving as a mapping of file extensions to MIME content types. In the following sample, several file extensions are registered to known MIME types. The .rtf extension is replaced, and .mp4 is removed.

See MIME content types.

For information on using a custom FileExtensionContentTypeProvider or to configure other StaticFileOptions in Blazor Server apps, see ASP.NET Core Blazor hosting model configuration.

Non-standard content types

Static File Middleware understands almost 400 known file content types. If the user requests a file with an unknown file type, Static File Middleware passes the request to the next middleware in the pipeline. If no middleware handles the request, a 404 Not Found response is returned. If directory browsing is enabled, a link to the file is displayed in a directory listing.

The following code enables serving unknown types and renders the unknown file as an image:

With the preceding code, a request for a file with an unknown content type is returned as an image.

Warning

Enabling ServeUnknownFileTypes is a security risk. It's disabled by default, and its use is discouraged. FileExtensionContentTypeProvider provides a safer alternative to serving files with non-standard extensions.

Serve files from multiple locations

UseStaticFiles and UseFileServer defaults to the file provider pointing at wwwroot. You can provide additional instances of UseStaticFiles and UseFileServer with other file providers to serve files from other locations. For more information, see this GitHub issue.

Considerations

Warning

UseDirectoryBrowser and UseStaticFiles can leak secrets. Disabling directory browsing in production is highly recommended. Carefully review which directories are enabled via UseStaticFiles or UseDirectoryBrowser. The entire directory and its sub-directories become publicly accessible. Store files suitable for serving to the public in a dedicated directory, such as <content_root>/wwwroot. Separate these files from MVC views, Razor Pages (2.x only), configuration files, etc.

  • The URLs for content exposed with UseDirectoryBrowser and UseStaticFiles are subject to the case sensitivity and character restrictions of the underlying file system. For example, Windows is case insensitive—macOS and Linux aren't.

  • ASP.NET Core apps hosted in IIS use the ASP.NET Core Module to forward all requests to the app, including static file requests. The IIS static file handler isn't used. It has no chance to handle requests before they're handled by the module.

  • Complete the following steps in IIS Manager to remove the IIS static file handler at the server or website level:

    1. Navigate to the Modules feature.
    2. Select StaticFileModule in the list.
    3. Click Remove in the Actions sidebar.

Default Folders Windows 10

Warning

If the IIS static file handler is enabled and the ASP.NET Core Module is configured incorrectly, static files are served. This happens, for example, if the web.config file isn't deployed.

Restore Default Folders Windows 10

  • Place code files (including .cs and .cshtml) outside of the app project's web root. A logical separation is therefore created between the app's client-side content and server-based code. This prevents server-side code from being leaked.

Additional resources