Skip to content

Commit 55dfa3c

Browse files
Kemi-ElizabethKemi-Elizabeth
authored
Merge branch 'main' into 4389-docs-improvments---css
2 parents 67095e2 + 7ff56af commit 55dfa3c

File tree

9 files changed

+46
-48
lines changed

9 files changed

+46
-48
lines changed

sites/platform/src/create-apps/app-reference/composable-image.md

+2-2
Original file line numberDiff line numberDiff line change
@@ -810,13 +810,13 @@ The following table presents possible properties for each location:
810810

811811
| Name | Type | Default | Description |
812812
|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
813-
| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](#source)). Must be an actual directory inside the root directory. |
813+
| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](#source)). Must be an actual directory inside the root directory. |
814814
| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`. <BR> <BR> If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. |
815815
| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. |
816816
| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. |
817817
| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. |
818818
| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. |
819-
| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values. Responses from the app aren't affected. |
819+
| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. |
820820
| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. |
821821
| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. |
822822

sites/platform/src/create-apps/app-reference/single-runtime-image.md

+2-2
Original file line numberDiff line numberDiff line change
@@ -633,10 +633,10 @@ The following table presents possible properties for each location:
633633
| `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](#root-directory). Must be an actual directory inside the root directory. |
634634
| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`. <BR> <BR> If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. |
635635
| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. |
636-
| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. |
636+
| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. |
637637
| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. |
638638
| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. |
639-
| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values. Responses from the app aren't affected. |
639+
| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. |
640640
| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. |
641641
| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. |
642642

sites/platform/src/create-apps/web/custom-headers.md

+16-17
Original file line numberDiff line numberDiff line change
@@ -10,9 +10,10 @@ To set headers for static content, add them in [your `web` configuration](/creat
1010
You might want to do so to add custom content-type headers, limit what other sites can embed your content,
1111
or allow cross origin requests.
1212

13-
Say you want to limit most files to be embedded only on your site,
14-
but you want an exception for MP3 files.
15-
And you want to serve both MP3 and MP4 files with the correct content types to avoid [MIME sniffing](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types#mime_sniffing).
13+
Say you want to limit most files to be embedded only on your site, but you want an exception for Markdown files.
14+
And you want to serve both Markdown and [AAC](https://en.wikipedia.org/wiki/Advanced_Audio_Coding) files with the
15+
correct content types to avoid
16+
[MIME sniffing](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types#mime_sniffing).
1617

1718
Start by defining a header for files in general:
1819

@@ -29,45 +30,43 @@ web:
2930
This sets the `X-Frame-Options` header to `SAMEORIGIN` for all static files.
3031
Now your files can only be embedded within your site.
3132

32-
Now set up an exception for MP3 files using a [rule](/create-apps/app-reference/single-runtime-image.md#rules):
33+
Now set up an exception for Markdown (`*.md`) files using a [rule](/create-apps/app-reference/single-runtime-image.md#rules):
3334

3435
```yaml {configFile="app"}
3536
web:
3637
locations:
3738
"/":
3839
...
3940
rules:
40-
\.mp3$:
41+
\.md$:
4142
headers:
42-
Content-Type: audio/mpeg
43+
Content-Type: text/markdown
4344
```
4445

45-
This rule sets an explicit content type for files that end in `.mp3`.
46-
Because specific rules override the general heading configuration,
47-
MP3 files don't get the `X-Frame-Options` header set before.
46+
This rule sets an explicit content type for files that end in `.md`. Because specific rules override the general
47+
heading configuration, Markdown files don't get the `X-Frame-Options` header set before.
4848

49-
Now set a rule for MP4 files.
49+
Now set a rule for AAC files.
5050

5151
```yaml {configFile="app"}
5252
web:
5353
locations:
5454
"/":
5555
...
5656
rules:
57-
\.mp4$:
57+
\.aac$:
5858
headers:
5959
X-Frame-Options: SAMEORIGIN
60-
Content-Type: video/mp4
60+
Content-Type: audio/aac
6161
```
6262

63-
This rule sets an explicit content type for files that end in `.mp4`.
64-
It repeats the rule for `X-Frame-Options`
65-
because the `headers` block here overrides the more general configuration.
63+
This rule sets an explicit content type for files that end in `.aac`. It repeats the rule for `X-Frame-Options` because
64+
the `headers` block here overrides the more general configuration.
6665

6766
So now you have three header configurations:
6867

69-
* `X-Frame-Options: SAMEORIGIN` **and** `Content-Type: video/mp4` for MP4 files
70-
* Only `Content-Type: audio/mpeg` for MP3 files
68+
* `X-Frame-Options: SAMEORIGIN` **and** `Content-Type: audio/aac` for AAC files
69+
* Only `Content-Type: text/markdown` for Markdown files
7170
* Only `X-Frame-Options: SAMEORIGIN` for everything else
7271

7372
## Cross origin requests

0 commit comments

Comments
 (0)