Allow .well-known folder on Nginx #1913
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Questions | Answers | ------------- | ------------------------------------------------------- | Branch? | 1.7.x | Description? | See below | Fixed ticket? | Fixes PrestaShop#1911 Updated the Nginx configuration to explicitly allow access to the `.well-known` directory while maintaining the restriction for other hidden files and directories (e.g., `.htaccess`, `.htpasswd`). The `.well-known` directory is commonly used for domain verification and other standards-compliant purposes (e.g., Apple Pay’s `apple-developer-merchantid-domain-association` file). This change ensures that legitimate requests to `.well-known` resources are served while keeping other hidden files secure. Steps to Verify: 1. Place a test file (e.g., `.well-known/test-file`) in the web root. 2. Verify that the file is accessible at `http://yourdomain.com/.well-known/test-file`. 3. Confirm that other hidden files (e.g., `.htaccess`) remain inaccessible. Changes Made: - Modified the existing `location ~ /\.` block to ensure `.well-known` is accessible. - The updated configuration maintains the deny rule for all other hidden files and directories, preserving security.
seiwan
approved these changes
Jan 8, 2025
kpodemski
approved these changes
Jan 13, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated the Nginx configuration to explicitly allow access to the
.well-knowndirectory while maintaining the restriction for other hidden files and directories (e.g.,.htaccess,.htpasswd).The
.well-knowndirectory is commonly used for domain verification and other standards-compliant purposes (e.g., Apple Pay’sapple-developer-merchantid-domain-associationfile). This change ensures that legitimate requests to.well-knownresources are served while keeping other hidden files secure.Steps to Verify:
.well-known/test-file) in the web root.http://yourdomain.com/.well-known/test-file..htaccess) remain inaccessible.Changes Made:
location ~ /\.block to ensure.well-knownis accessible.