You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When using NGINX, the default.conf is loaded by default. However, it does not protect the storage folder and its subfolders from the execution of PHP files.
Shouldn't this directive be added to prevent attacks?
@noeminihoul If your application does not allow user upload .php then you should filter it in request validation instead filter in web server.
For example, if you used the php artisan view:cache or other cache command, laravel will put the cached file in app/storage/framework/views or app/storage/framework/..., your nginx config will broke it.
Is your feature request related to a problem? Please describe.
When using NGINX, the default.conf is loaded by default. However, it does not protect the storage folder and its subfolders from the execution of PHP files.
Shouldn't this directive be added to prevent attacks?
The text was updated successfully, but these errors were encountered: