Bug #91893

server response on static files - basic rules should be in default htaccess

Added by Stefan P about 1 year ago. Updated 12 months ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Security
Target version:
-
Start date:
2020-07-30
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
no-brainer
Is Regression:
Sprint Focus:

Description

These lines should be put in the shipped default .htaccess (ext:install/Resources/Private/FolderStructureTemplateFiles/root-htaccess)

See https://stackoverflow.com/questions/61759835/security-message-after-upgrade-to-9-5-17

Meaningful security measures should be included by default if they are reported anyways in the reports module in the backend.

<IfModule mod_mime.c>
    RemoveType .html .htm
    <FilesMatch ".+\.html?$">
        AddType text/html .html
        AddType text/html .htm
    </FilesMatch>

    RemoveType .svg .svgz
    <FilesMatch ".+\.svgz?$">
        AddType image/svg+xml .svg
        AddType image/svg+xml .svgz
    </FilesMatch>
</IfModule>

Related issues

Related to TYPO3 Core - Task #91354: Integrate server response security checksClosedOliver Hader2020-05-10

Actions

Also available in: Atom PDF