diff --git a/hosts/ocaml/bin/sx_server.ml b/hosts/ocaml/bin/sx_server.ml
index ffa7056e..60e6c028 100644
--- a/hosts/ocaml/bin/sx_server.ml
+++ b/hosts/ocaml/bin/sx_server.ml
@@ -1562,7 +1562,16 @@ let serve_static_file static_dir url_path =
   let rel = String.sub url_path 8 (String.length url_path - 8) in
   let rel = match String.index_opt rel '?' with
     | Some i -> String.sub rel 0 i | None -> rel in
-  if String.contains rel '\x00' || (String.length rel > 1 && String.sub rel 0 2 = "..") then
+  let has_substring s sub =
+    let slen = String.length s and sublen = String.length sub in
+    if sublen > slen then false
+    else let rec check i = if i > slen - sublen then false
+      else if String.sub s i sublen = sub then true else check (i + 1)
+    in check 0
+  in
+  if String.contains rel '\x00' || (String.length rel > 1 && String.sub rel 0 2 = "..")
+    || has_substring rel ".assets/"
+    || Filename.check_suffix rel ".map" then
     http_response ~status:403 "Forbidden"
   else
     let file_path = static_dir ^ "/" ^ rel in
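Review bot: The traversal guard still only rejects a leading `..` — the `String.length rel > 1 && String.sub rel 0 2 = ".."` clause is carried over unchanged — so a path such as `foo/../../x` passes every clause of the new `if` and reaches `static_dir ^ "/" ^ rel` on the last line; nothing in the hunk shows that path being normalized afterwards. Testing per segment closes it: `let segments = String.split_on_char '/' rel in` and `if String.contains rel '\x00' || List.mem ".." segments`, keeping the `.assets/` and `.map` clauses as added. The same segment list would let the `.assets/` rule become `List.mem ".assets" segments`, which also covers a bare `.assets` request and makes the allocating `has_substring` helper (one `String.sub` per position) unnecessary. `rel` is taken straight from `url_path` with no percent-decoding visible here; if decoding happens after this check rather than before, an encoded `..` would be evaluated too late — worth confirming against the caller. serve_static_file's body continues past the hunk.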