Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 UTC on 18 March 2024, to get $100 off your ticket.
Problem/Motivation
We shouldn't be serving pictures of scrumptious food on all drupal sites.
Proposed resolution
Add a .htaccess file preventing downloading from core/profiles/demo_umami/modules/demo_umami_content/default_content/images
Remaining tasks
User interface changes
API changes
Data model changes
Comment | File | Size | Author |
---|---|---|---|
#2 | 2941488-htaccess-pass.patch | 1.58 KB | larowlan |
#2 | 2941488-htaccess-fail.patch | 977 bytes | larowlan |
Comments
Comment #2
larowlanthis should work, but I use nginx with fpm, so can't be sure the pass is actually a pass
Comment #3
Eli-TTested 2941488-htaccess-pass.patch with Apache - with the patch applied, attempting to load core/profiles/demo_umami/modules/demo_umami_content/default_content/images/chocolate-brownie-umami.jpg results in a 403 response. Without the patch, the image is loaded.
htaccess file looks fine.
Comment #5
alexpott@Eli-T thanks for documenting the steps you took to test the patch - adding review credit.
Comment #6
alexpottCommitted 9c78355 and pushed to 8.6.x. Thanks!
Comment #8
alexpottRe nginx. I guess nginx and other webservers will still have this issue. If we backport umami to 8.5.0 then we might want to mention this somewhere deep in the release notes. A more general solution for this problem is #2936841: Remove images from demo_umami profile and download upon installation instead
Comment #9
Eli-T@alexpott wrt #2936841: Remove images from demo_umami profile and download upon installation instead, it's possible that we might keep one image to use as a fallback when no network is available when installing the Umami profile, so that issue might not mititgate the requirement for htaccess.
Also #2940362: Move recipe instruction out of csv file in to their own text file. proposes adding another htaccess file to the folder containing the html files with recipe instructions.