mirror of
https://github.com/joomla/joomla-cms.git
synced 2024-06-20 11:05:08 +00:00
4563141cd9
API not routed correctly on semi-SEF URLs with index.php in them such as /api/index.php/v1/content/article The reason is that the ApiRouter code is incorrectly tied to the URL rewriting option in Global Configuration and doesn't really check correctly whether the index.php part is found at the beginning of the URL.
51 lines
2.9 KiB
Plaintext
51 lines
2.9 KiB
Plaintext
<?xml version="1.0" encoding="UTF-8"?>
|
|
<configuration>
|
|
<location path=".">
|
|
<system.webServer>
|
|
<directoryBrowse enabled="false" />
|
|
<rewrite>
|
|
<rules>
|
|
<rule name="Joomla! Common Exploits Prevention" stopProcessing="true">
|
|
<match url="^(.*)$" ignoreCase="false" />
|
|
<conditions logicalGrouping="MatchAny">
|
|
<add input="{QUERY_STRING}" pattern="base64_encode[^(]*\([^)]*\)" ignoreCase="false" />
|
|
<add input="{QUERY_STRING}" pattern="(>|%3C)([^s]*s)+cript.*(<|%3E)" />
|
|
<add input="{QUERY_STRING}" pattern="GLOBALS(=|\[|\%[0-9A-Z]{0,2})" ignoreCase="false" />
|
|
<add input="{QUERY_STRING}" pattern="_REQUEST(=|\[|\%[0-9A-Z]{0,2})" ignoreCase="false" />
|
|
</conditions>
|
|
<action type="CustomResponse" url="index.php" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
|
|
</rule>
|
|
<rule name="Joomla! API Application SEF URLs">
|
|
<match url="^api/(.*)" ignoreCase="false" />
|
|
<conditions logicalGrouping="MatchAll">
|
|
<add input="{URL}" pattern="^/api/index.php" ignoreCase="true" negate="true" />
|
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
|
|
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
|
|
</conditions>
|
|
<action type="Rewrite" url="api/index.php" />
|
|
</rule>
|
|
<rule name="Joomla! Public Frontend SEF URLs">
|
|
<match url="(.*)" ignoreCase="false" />
|
|
<conditions logicalGrouping="MatchAll">
|
|
<add input="{URL}" pattern="^/index.php" ignoreCase="true" negate="true" />
|
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
|
|
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
|
|
</conditions>
|
|
<action type="Rewrite" url="index.php" />
|
|
</rule>
|
|
</rules>
|
|
</rewrite>
|
|
<httpProtocol>
|
|
<customHeaders>
|
|
<add name="X-Content-Type-Options" value="nosniff" />
|
|
<!-- Protect against certain cross-origin requests. More information can be found here: -->
|
|
<!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP) -->
|
|
<!-- https://web.dev/why-coop-coep/ -->
|
|
<!-- <add name="Cross-Origin-Resource-Policy" value="same-origin" /> -->
|
|
<!-- <add name="Cross-Origin-Embedder-Policy" value="require-corp" /> -->
|
|
</customHeaders>
|
|
</httpProtocol>
|
|
</system.webServer>
|
|
</location>
|
|
</configuration>
|