Deny direct browser access to /static URLs / different cache folder #4

Closed
sebastiangreger opened this issue Apr 7, 2022 · 8 comments

@sebastiangreger

Should the /static folder be blocked from direct access via URL? (…either a .htaccess file in that folder or instructions in Readme)

Reasoning:

  • avoid getting this technical folder indexed, with potential SEO duplicate content issues
  • maybe some security implications (can't immediately think of any, though)

…or maybe this folder should be placed under site/static or even site/cache/static in the first place, to take it out of public reach and semantically make it part of Kirby's "internals"?

@bastianallgeier
Member

I think you are right. It would be kind of cool to have a redirect rule for everything in the static cache. I.e. in case you hit /static/photography/index.html you get redirected to /photography.

I also thought about putting it in the site folder, but that's less flexible when you want to use a public folder setup.
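
The two options raised so far (deny direct access, or redirect to the canonical URL), as an added example that is not part of the thread or the plugin's own configuration. It is an Apache `.htaccess` for the document root and assumes Apache 2.4 with mod_rewrite and cache files stored as `/static/<path>/index.html`, as in the URL quoted above; the `THE_REQUEST` condition is there on the assumption that the server may also rewrite internally into `/static` to serve the cache.

```apache
RewriteEngine On

# Option A: redirect a directly requested cache file to its canonical page URL.
# THE_REQUEST holds the original request line ("GET /static/... HTTP/1.1"),
# so these rules only fire when the client itself asked for /static/...,
# not when an internal rewrite maps /photography onto the cache file
# (which would otherwise produce a redirect loop).
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/static/ [NC]
RewriteRule ^static/(.+)/index\.html$ /$1 [R=301,L]

# The cached home page has no sub-path: /static/index.html -> /
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/static/ [NC]
RewriteRule ^static/index\.html$ / [R=301,L]

# Anything else requested directly under /static (directory listings,
# partial paths) is refused instead of being served or indexed.
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/static/ [NC]
RewriteRule ^static(/|$) - [F]

# Option B (use instead of A): no redirects, refuse every direct request.
# RewriteCond %{THE_REQUEST} ^[A-Z]+\s/static(/|\s) [NC]
# RewriteRule ^static(/|$) - [F]
```

Either option keeps the cache files out of search indexes; moving the folder outside the document root, as discussed in the following comments, removes the need for the rules altogether.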

@iskrisis
Contributor

iskrisis commented Apr 7, 2022

This would also fix blocking /static as a possible Page in Kirby. A problem I had with /media in the past. Now that I think about it, I should have fixed these /media issues in a similar way by moving it out of public and making a redirect.

@bastianallgeier
Member

I guess it would be best to have a configurable root option for the static cache. Then you could decide for yourself where it should be living.

@iskrisis
Contributor

iskrisis commented Apr 7, 2022

@bastianallgeier should it be a new root option when you already have to set it up in config.php? Shouldn't it live there?

@bastianallgeier
Member

@iskrisis not sure what you mean

@iskrisis
Contributor

iskrisis commented Apr 7, 2022

@bastianallgeier I think I misunderstood. I thought you wanted to make a new $kirby->root('staticache'), but you probably meant the same as me:

 'cache' => [
   'pages' => [
     'active' => true,
     'type' => 'static',
     'root' => '/yady/dada'
   ]
 ]

Anyway, personally I like putting it somewhere into $kirby->roots('cache') by default, as @sebastiangreger proposed.

@lukasbestle
Member

I like the idea to put it in site/cache. Also fits from the semantics. The root could still be overridden by those who use a public folder setup.

@lukasbestle lukasbestle changed the title from "Deny direct browser access to /static URLs" to "Deny direct browser access to /static URLs / different cache folder" on Apr 11, 2022
@lukasbestle
Member

lukasbestle added a commit that referenced this issue Dec 20, 2022