COMMANDBOX-1647

gradle/version

@@ -1 +1 @@
-5.0.8-0de55e3b7a2f4c8dd5b33ef11edc7a90a39506e7-96ea216b7cfb6883a6af15c191a94953a0596b9c
+5.0.9-0de55e3b7a2f4c8dd5b33ef11edc7a90a39506e7-96ea216b7cfb6883a6af15c191a94953a0596b9c

src/main/java/runwar/undertow/SiteDeployment.java

@@ -210,16 +210,17 @@ public String toString() {
 
             @Override
             public void handleRequest(final HttpServerExchange exchange) throws Exception {
-
+                String CononicalURI = CanonicalPathUtils.canonicalize(exchange.getRelativePath());
                 Resource resource = resourceManager
-                        .getResource(CanonicalPathUtils.canonicalize(exchange.getRelativePath()));
+                        .getResource(CononicalURI);
                 if (resource != null && !resource.isDirectory()) {
                     String ext = resource.getFile().getName().toLowerCase();
                     if (ext.contains(".")) {
                         ext = ext.substring(ext.lastIndexOf(".") + 1);
                     }
 
-                    if (!extSet.contains(ext)) {
+                    // Whitelist the /.well-known/ directory
+                    if (!CononicalURI.startsWith("/.well-known/") && !extSet.contains(ext)) {
                         LOG.debug(
                                 "Blocking access to [" + exchange.getRelativePath() + "] based on allowed extensions.");
                         exchange.setStatusCode(403);