Protect private files

When the Gui instance runs, it creates a web server that serves the registered pages, with the root of the site located where the __main__ Python module file is located.
This allows malicious users to potentially access the files of your application if those users know their path names: the main file of a Python application is often called, so anyone could request the http://<url:port>/ and see your Python source code.
This can be even more dangerous if your application relies on data files that are meant to remain private. If a user of your application happens to discover the path to this file, the application has a security vulnerability because this file can be directly accessed using the underlying web server.

The way to solve that issue is to configure the application server to indicate which requests are safe and which should be blocked.

Taipy GUI, however, comes with a simple feature that makes this configuration far simpler: Located next to the main module of your application, you can create a file called .taipyignore that lists files or directories that you want to protect against a direct request.
The syntax of this text file is identical to the syntax used by Git for its .gitignore file.

If a user requests a file whose path matches one that appears in .taipyignore then the Taipy web server returns an HTTP error 404 (Not Found), protecting your file from being downloaded without your consent.