**General rewording, proof-reading, deduplication, shortening, reordering, simplifica...

[github/shaarli/Shaarli.git] / .htaccess

diff --git a/.htaccess b/.htaccess
index b238854c7929d911bb7dc1b5093e29dfbee7cd46..8876e346ce70bf3ff951a5ed3e2fe682de837535 100644 (file)
--- a/.htaccess
+++ b/.htaccess
@@ -7,6 +7,7 @@ RewriteEngine On
 RewriteRule ^(.git|doxygen|vendor) - [F]
 
 # Forward the "Authorization" HTTP header
+# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
 RewriteCond %{HTTP:Authorization} ^(.*)
 RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
 
@@ -16,8 +17,33 @@ RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^ index.php [QSA,L]
 
 <Limit GET POST PUT DELETE OPTIONS>
+  <IfModule version_module>
+    <IfVersion >= 2.4>
+       Require all granted
+    </IfVersion>
+    <IfVersion < 2.4>
+       Allow from all
+       Deny from none
+    </IfVersion>
+  </IfModule>
+
+  <IfModule !version_module>
     Require all granted
+  </IfModule>
 </Limit>
+
 <LimitExcept GET POST PUT DELETE OPTIONS>
+  <IfModule version_module>
+    <IfVersion >= 2.4>
+       Require all denied
+    </IfVersion>
+    <IfVersion < 2.4>
+       Allow from none
+       Deny from all
+    </IfVersion>
+  </IfModule>
+
+  <IfModule !version_module>
     Require all denied
+  </IfModule>
 </LimitExcept>