Problem/Motivation

We shouldn't be serving pictures of scrumptious food on all drupal sites.

Proposed resolution

Add a .htaccess file preventing downloading from core/profiles/demo_umami/modules/demo_umami_content/default_content/images

Remaining tasks

User interface changes

API changes

Data model changes

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

larowlan created an issue. See original summary.

larowlan’s picture

this should work, but I use nginx with fpm, so can't be sure the pass is actually a pass

Eli-T’s picture

Status: Needs review » Reviewed & tested by the community

Tested 2941488-htaccess-pass.patch with Apache - with the patch applied, attempting to load core/profiles/demo_umami/modules/demo_umami_content/default_content/images/chocolate-brownie-umami.jpg results in a 403 response. Without the patch, the image is loaded.

htaccess file looks fine.

The last submitted patch, 2: 2941488-htaccess-fail.patch, failed testing. View results

alexpott’s picture

@Eli-T thanks for documenting the steps you took to test the patch - adding review credit.

alexpott’s picture

Status: Reviewed & tested by the community » Fixed

Committed 9c78355 and pushed to 8.6.x. Thanks!

  • alexpott committed 9c78355 on 8.6.x
    Issue #2941488 by larowlan, Eli-T: Add a .htaccess file to core/profiles...
alexpott’s picture

Re nginx. I guess nginx and other webservers will still have this issue. If we backport umami to 8.5.0 then we might want to mention this somewhere deep in the release notes. A more general solution for this problem is #2936841: Remove images from demo_umami profile and download upon installation instead

Eli-T’s picture

@alexpott wrt #2936841: Remove images from demo_umami profile and download upon installation instead, it's possible that we might keep one image to use as a fallback when no network is available when installing the Umami profile, so that issue might not mititgate the requirement for htaccess.

Also #2940362: Move recipe instruction out of csv file in to their own text file. proposes adding another htaccess file to the folder containing the html files with recipe instructions.

  • alexpott committed 28c833e on 8.5.x
    Issue #2941488 by larowlan, Eli-T: Add a .htaccess file to core/profiles...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.