Harden security, modularize API bootstrap, and fix scale SSE auth.
Block web access to sensitive paths, require API_TOKEN for mutations, encrypt GitHub issue credentials in .env, auto-provision tokens for same-origin clients, and pass api_token in scale relay URLs since EventSource cannot send headers.

Co-authored-by: Cursor <cursoragent@cursor.com>
@@ -1,5 +1,19 @@
|
||||
RewriteEngine On
|
||||
|
||||
# Block sensitive files (Apache 2.4+)
|
||||
<Files ".env">
|
||||
Require all denied
|
||||
</Files>
|
||||
<Files ".env.example">
|
||||
Require all denied
|
||||
</Files>
|
||||
<Files "backup.sh">
|
||||
Require all denied
|
||||
</Files>
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
# Force HTTPS
|
||||
RewriteCond %{HTTPS} !=on
|
||||
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
||||
|
||||
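Review bot: The `<FilesMatch "^\.">` block matches on a file's base name only, so it does not cover files inside dot-directories: a request for `.git/config` has the base name `config` and is still served if such a directory exists under the document root. Since the stated goal is blocking sensitive paths, consider a path-based deny ahead of the HTTPS redirect, for example `RewriteRule (^|/)\.(?!well-known/) - [F]`, keeping the `.well-known/` exception if ACME or similar validation is served from this directory. The same `FilesMatch` already covers `.env` and `.env.example`, so those two `<Files>` blocks are redundant and can be dropped or kept with a comment saying they are deliberate.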