API Block all yaml files by default, to reduce the change of information leakage

2024-10-22 17:05:33 +02:00 · 2012-12-13 09:02:56 +13:00 · 2012-12-13 09:02:56 +13:00 · becc5baa34
commit becc5baa34
parent 98135df7d3
1 changed files with 7 additions and 0 deletions
--- a/.htaccess
+++ b/.htaccess
@ -10,6 +10,13 @@
 	Deny from all
 </Files>

+# This denies access to all yml files, since developers might include sensitive
+# information in them. See the docs for work-arounds to serve some yaml files
+<Files *.yml>
+	Order allow,deny
+	Deny from all
+</Files>
+
 ErrorDocument 404 /assets/error-404.html
 ErrorDocument 500 /assets/error-500.html