How to enable directories starting with "."?

I have a very simple http site and it happens on a few different projects of mine. You can try it yourself very quickly.
To test Android App Links I need to put assetlinks.json file inside “.well-known” directory at the root of the site. I can create the file and I can modify its content.
The issue is accessing the file - I always get 403 Forbidden return code when putting url into the browser. I’m pretty sure that it was working before so did anything change? How can I make it work?

Thank you for help.

1 Like

Could you please specify the project name?

1 Like

Yes, we changed the static sites config recently. We encourage users to put secrets in .data, .env, and .git directories, and (generalizing from these) users sometimes also put secrets in other “hidden” directories - directories starting with a period: ‘.’

In order to avoid inadvertently exposing users’ secrets, we changed the static sites hosting defaults to forbid all routes starting with a period: ‘.’

In order to make .well-known work similar to before this change, put a package.json file in your project something like this:

{
  "scripts": {
    "start": "ws --port 3000 --log.format combined --directory . --blacklist '/.env' '/.data' '/.data/(.*)' '/.git' '/.git/(.*)'"
  }
}

Hope this helps,

Johnicholas

7 Likes

I’m impressed by how quickly you posted the solution and it is very accurate :slight_smile: It works, thank you very much!

3 Likes

Would package.json need to be added to the blacklist too?

Can we use this method to load ws with a custom config file instead?

Sounds like a really good change to the static web site projects :slight_smile:

2 Likes

I added the line @Johnicholas mentioned in his post to the “start” of “scripts” and the assetlinks are available through url now. However the glitch interface is still hiding the file on every refresh. Is there an additional step I can take to keep the file easily accessable for editing purposes?

My recommendation would be to just edit these files via the terminal.

Run ls -a to see them and use nano to edit them.

2 Likes

Here’s one idea.

Instead of serving your webpage using ws, you could use node and express, similar to the ~hello-express starting point. Then you could keep assetlinks.json in a directory named well-known with no dot and add something like this to your server.js

app.use('/.well-known', express.static('well-known'))
4 Likes