A common pattern for Drupal is to generate an .htaccess file that denies access to contents within that directory.

This only affects Apache webserver users, but that is also a very common use case.

The form should also through a warning if you're about to generate the keys in the default public files directory. Just some guard rails.

CommentFileSizeAuthor
#2 3095250-2.patch2.03 KBmglaman

Issue fork simple_oauth-3095250

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

mglaman created an issue. See original summary.

mglaman’s picture

mglaman
Primary language English
Location WI, USA
CreditAttribution: mglaman at Centarro commented
Status: Active » Needs review
FileSize
3095250-2.patch2.03 KB

Here's a go.

bradjones1’s picture

bradjones1
Primary language English
CreditAttribution: bradjones1 at Not Vanilla, Inc. commented
Version: 8.x-4.x-dev » 5.x-dev

phoang made their first commit to this issue’s fork.

phoang opened merge request !26

phoang’s picture

phoang CreditAttribution: phoang as a volunteer commented
Status: Needs review » Reviewed & tested by the community

Tested on 5.2.x/5.2.0 and the .htaccess file generated.
Created the PR for same patch for ready to merge on next release.

bojan_dev made their first commit to this issue’s fork.

  • bojan_dev committed a0622c1 on 5.2.x authored by phoang 
    Issue #3095250: Public and private key generation should add .htaccess...

bojan_dev opened merge request !47

  • bojan_dev committed 205a830 on 6.0.x 
    Issue #3095250: Public and private key generation should add .htaccess...
bojan_dev’s picture

bojan_dev CreditAttribution: bojan_dev at Open Social commented
Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.