Description
Is your feature request related to a problem? Please describe.
Since this is a core application bundled with eXist-db, it should follow security best practices.
Describe the solution you'd like
Instead of allowing any route by default and handling only some routes explicitly, the controller should handle each allowed route explicitly, and any other route should result in a specific error (e.g. NotFound with HTTP status code 404).
Here is the default route handling code in controller.xql:
documentation/src/main/xar-resources/controller.xql
Lines 101 to 104 in 4d06731
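An added illustration of the deny-by-default controller described above, not the documentation app's own controller.xql: every served path is matched explicitly and the fallthrough branch returns a 404 instead of `<ignore/>`. The page list, the `resources/` layout, `404.html` and `modules/view.xql` are assumed names.

```xquery
xquery version "3.1";

(: Added example of a deny-by-default controller.xql (not the eXist-db
   documentation app's code). Allowed pages, the resources/ layout,
   404.html and modules/view.xql are assumed names for this illustration. :)

declare namespace exist = "http://exist.sourceforge.net/NS/exist";

declare variable $exist:path external;
declare variable $exist:resource external;
declare variable $exist:controller external;
declare variable $exist:prefix external;
declare variable $exist:root external;

(: Allow-list for static assets: fixed directories and a fixed set of
   extensions. The pattern is anchored at both ends and the file name part
   admits no "/", so ".." segments cannot match. :)
declare function local:is-static($path as xs:string) as xs:boolean {
    matches($path, "^/resources/(css|js|images)/[A-Za-z0-9_.-]+\.(css|js|png|svg|woff2?)$")
};

(: Fallthrough: set 404 and render one fixed error page, rather than
   <ignore/>, which would hand any stored resource under the app
   collection to the default servlet. :)
declare function local:not-found() as element(exist:dispatch) {
    response:set-status-code(404),
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <forward url="{$exist:controller}/404.html"/>
    </dispatch>
};

if ($exist:path eq "") then
    (: no trailing slash: redirect to the app root so relative links resolve :)
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <redirect url="{request:get-uri()}/"/>
    </dispatch>
else if ($exist:path eq "/") then
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <redirect url="index.html"/>
    </dispatch>
(: HTML pages come only from a known list and go through the templating view :)
else if ($exist:path = ("/index.html", "/about.html")) then
    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
        <view>
            <forward url="{$exist:controller}/modules/view.xql"/>
        </view>
    </dispatch>
else if (local:is-static($exist:path)) then
    <ignore xmlns="http://exist.sourceforge.net/NS/exist">
        <cache-control cache="yes"/>
    </ignore>
else
    local:not-found()
```

Adding a page then means adding it to the explicit list, so an unlisted or mistyped path is visible as a 404 in the access log rather than silently served.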
Describe alternatives you've considered
Switch to https://github.com/eeditiones/roaster, which enforces explicit route handling.
Not exposing this application on public servers.