Closed conseilgouz closed 5 years ago
zero-24
commented
5 years ago Agree. Any suggestions how to deal with the web.config file? The .htaccess part should be as simple as dropping the lines added but I don't see where i can make sure I only remove the rules added in the web.config files.
conseilgouz
commented
5 years ago I tried to fix this problem but found it was not that easy, reason why I created an issue instead of a PR....
Still working on this.
zero-24
commented
5 years ago Ok :) for .htaccess it should be something like this: https://github.com/zero-24/plg_system_httpheader/blob/master/httpheader.php#L253-L286
This removes the headers set from the .htaccess after that the buffer needs to be written back to the file again. The problem is that on every save action of the plugin we would than try to rewrite the htaccess.
zero-24
commented
5 years ago hmm as for the core version of the plugin we decided to drop that option completely. I tend to do the same thing here. What do you think @pmleconte @SniperSister ?
SniperSister
commented
5 years ago Agreed
conseilgouz
commented
5 years ago Ok for me
zero-24
commented
5 years ago
If you disable "write headers to config. file", security headers lines remain in .htaccess/web.config file. These lines won't be updated anymore if you update plugin's parameters, creating potential problems.