Skip to content

Releases: SyntaxC4-MSFT/ComposerExtension

Composer in Root.

23 Jul 08:35
@SyntaxC4 SyntaxC4
v0.3.0
ca545a4
Compare
Choose a tag to compare
Composer in Root. Latest
Latest

After finding a few issues with moving the vendor directory, I decided to revert that change (removing an environment variable). With that change moving things back into the publicly accessible site it was necessary to implement a url rewrite rule to reject any requests to the vendor directory for security purposes.

Assets 3
Loading

Liberated the Vendor Dir

16 Jul 22:09
@SyntaxC4 SyntaxC4
v0.2.8
b62a412
Compare
Choose a tag to compare
Liberated the Vendor Dir

Removed the COMPOSER_VENDOR_DIR environment variable due to issues using create-project or global require.

Still working on a work around for create-project which seems to be acting inconsistently.

Security Issue - vendor directory is placed back into a publicly accessible folder, you can fix this by adding a web.config file to the vendor directory.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering>
                <denyUrlSequences>
                    <add sequence="/" />
                </denyUrlSequences>
            </requestFiltering>
        </security>
    </system.webServer>
</configuration>
Loading