[byteball.org] .htaccess file is available publicly.
Project Details
Github Repository: https://github.com/byteball/byteball-web/
Platform: https://byteball.org
Expected Behaviour
The htaccess file is used to stop users from accessing certain files and folders. It should not be available to anyone and should be hidden according to its RFC.
Actual Behaviour
.htaccess file is available to anyone to view.
Steps to Reproduce
- Visit https://byteball.org/.htaccess in a browser and it will be downloaded; it can then be viewed using any text editor.
- Or run curl https://byteball.org/.htaccess in a terminal, which will also work.
Possible Fix
Add this code to .htaccess file
<files .htaccess>
order allow,deny
deny from all
</files>
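The fix above uses the Apache 2.2 access-control directives (`Order`, `Deny`), which on Apache 2.4 are only available when mod_access_compat is loaded. The block below is an added example, not part of the original report or the byteball-web repository; it assumes the site is served by Apache httpd and shows the same deny rule written so that it works on both 2.2 and 2.4 and also covers other `.ht*` files such as `.htpasswd`.

```apache
# Added example: deny HTTP access to .htaccess, .htpasswd and any other .ht* file.
# Can be placed in the main server config, a <VirtualHost>, or the .htaccess file itself.
<FilesMatch "^\.ht">
    # Apache 2.4: authorization is handled by mod_authz_core
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2: fall back to the older Order/Deny syntax used in the report
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

After reloading the server, the `curl` request from the reproduction steps should return a 403 response instead of the file contents.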
Hi @neutrinoguy, thanks for the contribution.
I see it has been fixed by the PO, thanks to your notifying him via the issue opened on github. Files in .htaccess should not be served in plain text when requested via url, access should be denied since they are originally meant to be hidden.
Great to know it's been fixed.
My feedback:
Thanks again for this contribution, I look forward to your future bug reports.
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
[utopian-moderator]
Hey @neutrinoguy
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!
Indeed it would seem so. Great catch!