Permalink
Browse files

Include code to block yaml files in installer generated .htaccess

  • Loading branch information...
1 parent acfc0be commit bec5ae188625c148568429ad308a08b0590d485e Hamish Friedlander committed Jan 29, 2013
Showing with 7 additions and 0 deletions.
  1. +7 −0 dev/install/install.php5
@@ -1268,6 +1268,13 @@ HTML;
Deny from all
</Files>
+# This denies access to all yml files, since developers might include sensitive
+# information in them. See the docs for work-arounds to serve some yaml files
+<Files *.yml>
+ Order allow,deny
+ Deny from all
+</Files>
+
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html

0 comments on commit bec5ae1

Please sign in to comment.