TYPO3 Core

https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/ApiOverview/Hooks/Events/Core/Resource/GeneratePublicUrlForResourceEvent.html

Method: setPublicUrl(?string $publicUrl)
Description: Sets new public URL of resource - or removes public url (by setting null), disallowing public access.

Calling setPublicUrl(null) in an event listener does not disallow public access.

Perhaps GeneratePublicUrlForResourceEvent should implement StoppableEventInterface so we can force publicUrl = null.

As a workaround publicUrl can be set to an empty string (setPublicUrl('')). But that causes false URI generation using core ViewHelpers (e.g. f:uri.image) with absolute="true".