X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=.htaccess;h=9d1522dfb14544aae9c8e5398c18c33ac8290472;hb=refs%2Fheads%2Flatest;hp=66ef8f69ce39e127dc266c9ab3727c4b8be4f9fa;hpb=fcf141926da98a4a656a785df991858819961319;p=github%2Fshaarli%2FShaarli.git

diff --git a/.htaccess b/.htaccess
index 66ef8f69..9d1522df 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,4 +1,37 @@
+# Disable directory listing
+Options -Indexes
+
 RewriteEngine On
+
+# Prevent accessing subdirectories not managed by SCM
+RewriteRule ^(.git|doxygen|vendor) - [F]
+
+# Forward the "Authorization" HTTP header
+# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
+RewriteCond %{HTTP:Authorization} ^(.*)
+RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+# Alternative (if the 2 lines above don't work)
+# SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+# Slim URL Redirection
+# Ionos Hosting needs RewriteBase /
+# RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^ index.php [QSA,L]
+
+<LimitExcept GET POST PUT DELETE PATCH OPTIONS>
+  <IfModule version_module>
+    <IfVersion >= 2.4>
+       Require all denied
+    </IfVersion>
+    <IfVersion < 2.4>
+       Allow from none
+       Deny from all
+    </IfVersion>
+  </IfModule>
+
+  <IfModule !version_module>
+    Require all denied
+  </IfModule>
+</LimitExcept>