N°3231 - Allow browser access to static resources files in the /lib folder

lib/web.config

@@ -1,13 +1,30 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Allow only static resources files -->
+<!-- - HTML not allowed as there could be some test pages calling server scripts or executing JS scripts -->
+<!-- - PHP not allowed as they should not be publicly accessible -->
 <configuration>
   <system.webServer>
-    <security>
-      <requestFiltering>
-         <fileExtensions applyToWebDAV="false" allowUnlisted="false"></fileExtensions>
-      </requestFiltering>
-      <authorization>
-        <deny users="*" /> <!-- Denies all users -->
-      </authorization>
-    </security>
+      <security>
+         <requestFiltering>
+            <fileExtensions applyToWebDAV="false" allowUnlisted="false" >
+               <add fileExtension=".css" allowed="true" />
+               <add fileExtension=".scss" allowed="true" />
+               <add fileExtension=".js" allowed="true" />
+               <add fileExtension=".map" allowed="true" />
+               <add fileExtension=".png" allowed="true" />
+               <add fileExtension=".bmp" allowed="true" />
+               <add fileExtension=".gif" allowed="true" />
+               <add fileExtension=".jpeg" allowed="true" />
+               <add fileExtension=".jpg" allowed="true" />
+               <add fileExtension=".svg" allowed="true" />
+               <add fileExtension=".tiff" allowed="true" />
+
+               <add fileExtension=".woff" allowed="true" />
+               <add fileExtension=".woff2" allowed="true" />
+               <add fileExtension=".ttf" allowed="true" />
+               <add fileExtension=".eot" allowed="true" />
+            </fileExtensions>
+         </requestFiltering>
+      </security>
   </system.webServer>
-</configuration>
+</configuration>