From 6970723aebae7ae90405368e6314e113885cd0de Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 19 Nov 2024 21:28:50 +0100
Subject: Rework Apache deny access outside p (#7008)

* Rework Apache deny access outside p
The deny rules introduced by
https://github.com/FreshRSS/FreshRSS/pull/6881
gave problems for API access.
See also
https://github.com/FreshRSS/FreshRSS/discussions/6879

* Fix scope of deny logic

* Fix scope of deny logic

* Allow .txt
For e.g. `robots.txt`
---
 p/.htaccess        | 7 -------
 p/themes/.htaccess | 7 +++++++
 2 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'p')

diff --git a/p/.htaccess b/p/.htaccess
index 40dd7e51f..70bc34710 100644
--- a/p/.htaccess
+++ b/p/.htaccess
@@ -1,10 +1,3 @@
-<IfModule mod_authz_core.c>
-	# Deny files starting with a dot, or without extension (except some), or not in a whitelist of extensions
-	<FilesMatch "^\.|^(?!oidc)[^.]+$|\.(?!css|gif|html|ico|js|php|png|svg|txt|woff|woff2)[^.]*$">
-		Require all denied
-	</FilesMatch>
-</IfModule>
-
 <IfModule mod_dir.c>
 	DirectoryIndex	index.php index.html
 </IfModule>
diff --git a/p/themes/.htaccess b/p/themes/.htaccess
index 0e78aab3a..42732cd38 100644
--- a/p/themes/.htaccess
+++ b/p/themes/.htaccess
@@ -1,3 +1,10 @@
+<IfModule mod_authz_core.c>
+	# Deny files without extension or with specific extensions
+	<FilesMatch "^[^.]+$|\.(json|md|scss|sh)$">
+		Require all denied
+	</FilesMatch>
+</IfModule>
+
 <IfModule mod_mime.c>
 	AddType font/woff .woff
 	AddType font/woff2 .woff2
-- 
cgit v1.2.3