Jonathan Miller
1799401db5
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
- Add Copyright + FILE INFORMATION headers to 11 PHP enterprise classes - Add FILE INFORMATION blocks to 9 PHP files with incomplete headers - Add headers to 2 test files - Add markdown comment headers to 27 index/README files - Add headers to 5 root markdown files - Add FILE INFORMATION to 4 files with existing but incomplete headers All files now conform to moko-platform file header standard. Authored-by: Moko Consulting Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
88 lines
2.9 KiB
Markdown
88 lines
2.9 KiB
Markdown
<!--
|
|
Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
SPDX-License-Identifier: GPL-3.0-or-later
|
|
FILE INFORMATION
|
|
DEFGROUP: MokoStandards.Index
|
|
INGROUP: MokoStandards.Templates.Security
|
|
REPO: https://git.mokoconsulting.tech/MokoConsulting/moko-platform
|
|
PATH: /templates/security/README.md
|
|
BRIEF: Security templates README
|
|
-->
|
|
|
|
# Security Templates
|
|
|
|
This directory contains security-related templates for MokoStandards repositories.
|
|
|
|
## index.html - Directory Listing Prevention (Static)
|
|
|
|
**Purpose**: Prevents directory listing on static web servers for security purposes.
|
|
|
|
**Usage**: Copy this file to all `src/` directories and their subdirectories in organization repositories.
|
|
|
|
```bash
|
|
# Copy to src directory and all subdirectories
|
|
find src -type d -exec cp templates/security/index.html {} \;
|
|
```
|
|
|
|
**Policy**: All organization repositories must include an `index.html` redirect file in:
|
|
- `src/` directory (if it exists)
|
|
- All subdirectories under `src/`
|
|
|
|
**Security Rationale**:
|
|
- Prevents web servers from exposing directory contents
|
|
- Redirects users to the repository root
|
|
- Uses `noindex, nofollow` meta tags to prevent search engine indexing
|
|
- Provides immediate redirect via both meta refresh and JavaScript
|
|
|
|
**Template Features**:
|
|
- Redirects to `/` (repository root)
|
|
- Minimal, clean design
|
|
- Works with and without JavaScript
|
|
- SEO-safe with noindex directive
|
|
|
|
## index.php - Directory Listing Prevention (PHP)
|
|
|
|
**Purpose**: Prevents directory listing on PHP-enabled web servers for security purposes.
|
|
|
|
**Usage**: Copy this file to all `src/` directories and their subdirectories in PHP-based organization repositories.
|
|
|
|
```bash
|
|
# Copy to src directory and all subdirectories
|
|
find src -type d -exec cp templates/security/index.php {} \;
|
|
```
|
|
|
|
**Policy**: All PHP-based organization repositories must include an `index.php` redirect file in:
|
|
- `src/` directory (if it exists)
|
|
- All subdirectories under `src/`
|
|
|
|
**Security Rationale**:
|
|
- Provides server-side redirect before any HTML is rendered
|
|
- Prevents web servers from exposing directory contents
|
|
- Includes HTTP header redirect for immediate response
|
|
- Falls back to HTML/JavaScript redirect if needed
|
|
- Works with PHP-enabled web servers
|
|
|
|
**Template Features**:
|
|
- PHP header redirect (highest priority)
|
|
- HTML meta refresh fallback
|
|
- JavaScript redirect fallback
|
|
- `noindex, nofollow` meta tags
|
|
- GPL-3.0-or-later licensed
|
|
- Proper PHP security headers
|
|
|
|
## Usage Recommendation
|
|
|
|
**For PHP projects** (e.g., Dolibarr/MokoCRM):
|
|
- Use both `index.php` and `index.html`
|
|
- PHP will take precedence when available
|
|
- HTML provides fallback for static serving
|
|
|
|
**For non-PHP projects** (e.g., Node.js, static sites):
|
|
- Use `index.html` only
|
|
|
|
**Copy both files:**
|
|
```bash
|
|
# Copy both security templates to all src subdirectories
|
|
find src -type d -exec sh -c 'cp templates/security/index.html "$1" && cp templates/security/index.php "$1"' _ {} \;
|
|
```
|