diff options
Diffstat (limited to 'Bugzilla/Install/Filesystem.pm')
| -rw-r--r-- | Bugzilla/Install/Filesystem.pm | 42 |
1 files changed, 15 insertions, 27 deletions
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 22ec34a95..162e324f7 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -31,6 +31,7 @@ use File::Path; use File::Basename; use File::Copy qw(move); use File::Spec; +use File::stat; use Cwd (); use File::Slurp; use IO::File; @@ -81,12 +82,16 @@ EOT use constant HT_ASSETS_DIR => <<'EOT'; # Allow access to .css and js files -<FilesMatch \.(css|js)$> - Allow from all +<FilesMatch state\.json$> + Deny from all </FilesMatch> +FileETag None +Header set Cache-Control "public, immutable, max-age=31536000" +Header set Content-Security-Policy "default-src 'none';" + # And no directory listings, either. -Deny from all +Options -Indexes EOT use constant INDEX_HTML => <<'EOT'; @@ -344,7 +349,7 @@ sub FILESYSTEM { $attachdir => DIR_CGI_WRITE, $graphsdir => DIR_CGI_WRITE | DIR_ALSO_WS_SERVE, $webdotdir => DIR_CGI_WRITE | DIR_ALSO_WS_SERVE, - $assetsdir => DIR_CGI_WRITE | DIR_ALSO_WS_SERVE, + $assetsdir => DIR_WS_SERVE, $template_cache => DIR_CGI_WRITE, $error_reports => DIR_CGI_WRITE, # Directories that contain content served directly by the web server. @@ -446,8 +451,13 @@ sub FILESYSTEM { "$webdotdir/.htaccess" => { perms => WS_SERVE, contents => HT_WEBDOT_DIR }, "$assetsdir/.htaccess" => { perms => WS_SERVE, - contents => HT_ASSETS_DIR }, + contents => HT_ASSETS_DIR }, ); + my $mtime = stat(__FILE__)->mtime; + foreach my $file (keys %htaccess) { + my $file_stat = stat($file); + $htaccess{$file}{overwrite} = $file_stat && $mtime > $file_stat->mtime; + } Bugzilla::Hook::process('install_filesystem', { files => \%files, @@ -561,7 +571,6 @@ sub update_filesystem { _remove_empty_css_files(); _convert_single_file_skins(); - _remove_dynamic_assets(); } sub _css_url_fix { @@ -627,27 +636,6 @@ sub _convert_single_file_skins { } } -# delete all automatically generated css/js files to force recreation at the -# next request. -sub _remove_dynamic_assets { - my @files = ( - glob(bz_locations()->{assetsdir} . '/*.css'), - glob(bz_locations()->{assetsdir} . '/*.js'), - ); - foreach my $file (@files) { - unlink($file); - } - - # remove old skins/assets directory - my $old_path = bz_locations()->{skinsdir} . '/assets'; - if (-d $old_path) { - foreach my $file (glob("$old_path/*.css")) { - unlink($file); - } - rmdir($old_path); - } -} - sub create_htaccess { _create_files(%{FILESYSTEM()->{htaccess}}); |