23a5fc1eef
Merge latest 0.12.2
2023-05-24 11:35:15 +02:00
8aca613b07
Use version condition in the root .htaccess
...
Related to #1196
2018-08-10 17:45:29 +02:00
6410bf9670
API - Apache - Specify allowed HTTP method in .htaccess
2018-07-05 20:47:26 +02:00
460cf03d67
httpd: always forward the 'Authorization' header
...
On some Apache HTTPD setups where the CGI/FastCGI mode is used, the HTTP header
containing the JWT token is not forwarded, which results in the following error
when attempting to use the REST API:
"401 Not authorized: JWT token not provided"
This patch allows forwarding the 'Authorization' header. An alternative would
be to use the `CGIPassAuth` directive to allow all authorization headers to be
forwarded.
See:
- https://secure.php.net/manual/en/features.http-auth.php#114877
- https://stackoverflow.com/questions/26475885/authorization-header-missing-in-php-post-request
- https://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame
- https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers
- https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-03-22 22:23:41 +01:00
cabf1b6bec
htaccess: prevent accessing resources not managed by SCM
...
See:
- https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/
- https://stackoverflow.com/questions/2530372/how-do-i-disable-directory-browsing
- https://httpd.apache.org/docs/current/mod/mod_rewrite.html
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-02-05 18:18:52 +01:00
18e6796726
REST API structure using Slim framework
...
* REST API routes are handle by Slim.
* Every API controller go through ApiMiddleware which handles security.
* First service implemented `/info`, for tests purpose.
2016-12-15 10:36:00 +01:00
Knah Tsaeb
ArthurHoaro
VirtualTam