square / connect-api-examples

Code samples demonstrating the functionality of the Square Connect API
https://developer.squareup.com/docs/sample-apps
393 stars 790 forks

connect example .env file exposed (!) - include a .htaccess to hide deny #403

Open yosun opened 1 year ago

yosun commented 1 year ago

I like the web js flow that makes payment easy (so that indie devs can focus on building the main app logic), but it seems that if someone quickly deploys, the .env file is exposed. Please include a default .htaccess that protects the env file.

.htaccess

# Disable index view
Options -Indexes

# Hide a specific file
<Files .env>
    Order allow,deny
    Deny from all
</Files>
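
Added example, not part of the original issue or the Square repository: a pre-deploy check that walks a document root and lists `.env`-style files that no `.htaccess` deny rule covers, accepting both the Apache 2.2 syntax shown above and the Apache 2.4 `Require all denied` form. The function names and the sample tree in `demo()` are constructed for illustration, and the `.htaccess` parsing is a heuristic, not a full Apache config parser.

```python
import fnmatch
import os
import re
import tempfile
from pathlib import Path

# <Files>/<FilesMatch> sections, and deny rules in Apache 2.2 or 2.4 syntax.
SECTION = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>(.*?)</\1>', re.I | re.S)
DENY = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$', re.I | re.M)

def htaccess_denies(path, filename):
    """True if a <Files>/<FilesMatch> section in this .htaccess denies filename."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = re.sub(r'(?m)^\s*#.*$', '', fh.read())  # ignore commented-out rules
    for kind, pattern, body in SECTION.findall(text):
        hit = (fnmatch.fnmatchcase(filename, pattern) if kind.lower() == "files"
               else re.search(pattern, filename))  # wildcard for <Files>, regex for <FilesMatch>
        if hit and DENY.search(body):
            return True
    return False

def exposed_env_files(docroot):
    """Return .env-style files under docroot that no .htaccess deny rule covers."""
    docroot = os.path.abspath(docroot)
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name != ".env" and not name.startswith(".env."):
                continue
            # .htaccess covers its directory and below: check up to the docroot.
            d, covered = dirpath, False
            while True:
                ht = os.path.join(d, ".htaccess")
                covered = os.path.isfile(ht) and htaccess_denies(ht, name)
                if covered or d == docroot:
                    break
                d = os.path.dirname(d)
            if not covered:
                exposed.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(exposed)

def demo():
    # Constructed tree: shop/ carries the rule from the issue, blog/ has no .htaccess.
    rule = "<Files .env>\n    Order allow,deny\n    Deny from all\n</Files>\n"
    with tempfile.TemporaryDirectory() as root:
        for sub in ("shop", "blog"):
            Path(root, sub).mkdir()
            Path(root, sub, ".env").write_text("SECRET=constructed\n")
        Path(root, "shop", ".htaccess").write_text(rule)
        return exposed_env_files(root)
```

The check only reads `.htaccess` files; a server configured with `AllowOverride None` ignores them, so confirming that a request for the deployed `/.env` URL is refused remains the final check.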