Project

General

Profile

Actions
Copy link

Bug #91893

closed

server response on static files - basic rules should be in default htaccess

Added by Stefan P over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Oliver Hader
Category:
Security
Target version:
-
Start date:
2020-07-30
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
no-brainer
Is Regression:
Sprint Focus:

Description

These lines should be put in the shipped default .htaccess (ext:install/Resources/Private/FolderStructureTemplateFiles/root-htaccess)

See https://stackoverflow.com/questions/61759835/security-message-after-upgrade-to-9-5-17

Meaningful security measures should be included by default if they are reported anyways in the reports module in the backend.

<IfModule mod_mime.c>
    RemoveType .html .htm
    <FilesMatch ".+\.html?$">
        AddType text/html .html
        AddType text/html .htm
    </FilesMatch>

    RemoveType .svg .svgz
    <FilesMatch ".+\.svgz?$">
        AddType image/svg+xml .svg
        AddType image/svg+xml .svgz
    </FilesMatch>
</IfModule>

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Task #91354: Integrate server response security checksClosedOliver Hader2020-05-10

Actions
Actions
Copy link

Also available in: Atom PDF