Contrib.social

Block requests to phpstorm test request files by default

Open on Drupal.org →
Created on 16 April 2020, about 5 years ago
Updated 10 February 2024, over 1 year ago

Many drupal developers are using phpstorm as their IDE. For decoupled development there is a useful feature: You can write your test requests into files and execute the requests with the built-in HTTP client. You can commit the request files alongside the code that implements the functionality.

See also https://www.jetbrains.com/help/phpstorm/http-client-in-product-code-edit...

But unless the developer takes extra care the test request files get deployed to production and are accessible from the internet. This may not be desirable (disclose information about test users, for instance).

Drupal Core should restrict the access to these files by default. The standard file extensions that should be added to the .htaccess file are ".http" and ".rest".

Feature request
Status

Postponed: needs info

Version

11.0 🔥

Component
Other 

Last updated about 6 hours ago

Created by

🇩🇪Germany cspitzlay 🇩🇪🇪🇺

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago
    🇳🇿New Zealand quietone

    To continue here this needs responses to address #14 and #16. Since those comments there has been very little discussion.

    Since we need more information to move forward with this issue, I am setting the status to Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

  • Status changed to Closed: works as designed 1 day ago
  • Comment 1 day ago
    🇳🇿New Zealand quietone

    There has been no further information here. The reason for not doing this have been provided by a committer and a direction give on a better solution

    I think rather than doing issues like this we should be concentrating on how to get the entire code base out of docroot including core and Drupal modules. That will make Drupal more secure enable us to have a much much simpler .htaccess file.

    🌱 Make Drupal core folder agnostic and allow it to be placed in vendor/drupal/core Active

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024