X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=.htaccess;h=b238854c7929d911bb7dc1b5093e29dfbee7cd46;hb=1c88a7b33e90ba3e33d88b148c086bc298126332;hp=19dd72a805e7b3bd170c87aabb25ad4764ca179a;hpb=cabf1b6becbc0143f6a9d0d6846fd948c06b5a64;p=github%2Fshaarli%2FShaarli.git

diff --git a/.htaccess b/.htaccess
index 19dd72a8..b238854c 100644
--- a/.htaccess
+++ b/.htaccess
@@ -6,7 +6,18 @@ RewriteEngine On
 # Prevent accessing subdirectories not managed by SCM
 RewriteRule ^(.git|doxygen|vendor) - [F]
 
+# Forward the "Authorization" HTTP header
+RewriteCond %{HTTP:Authorization} ^(.*)
+RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+
 # REST API
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^ index.php [QSA,L]
+
+<Limit GET POST PUT DELETE OPTIONS>
+    Require all granted
+</Limit>
+<LimitExcept GET POST PUT DELETE OPTIONS>
+    Require all denied
+</LimitExcept>