Commit 9c783555 authored by alexpott's avatar alexpott

Issue #2941488 by larowlan, Eli-T: Add a .htaccess file to...

Issue #2941488 by larowlan, Eli-T: Add a .htaccess file to core/profiles/demo_umami/modules/demo_umami_content/default_content/images to prevent direct downloading of images
parent 41baf345
# Deny all requests from Apache 2.4+.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Deny all requests from Apache 2.0-2.2.
<IfModule !mod_authz_core.c>
Deny from all
</IfModule>
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
......@@ -169,4 +169,15 @@ public function testDemonstrationWarningMessage() {
$web_assert->pageTextNotContains('This installation is for demonstration purposes only.');
}
/**
* Tests that sample images are not accessible to the webserver.
*/
public function testAccessDeniedToSampleImages() {
$file_name = 'chocolate-brownie-umami.jpg';
$file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/images/' . $file_name;
$this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
$this->drupalGet($file_path);
$this->assertSession()->statusCodeEquals(403);
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment