N°7331 - Ensure to keep folder browsing protection files after install/update command

node_modules/.htaccess

@@ -1,8 +1,11 @@
+# Allow only static resources files
+# - HTML not allowed as there could be some test pages calling server scripts or executing JS scripts
+# - PHP not allowed as they should not be publicly accessible
 
 # Apache 2.4
 <ifModule mod_authz_core.c>
 Require all denied
-	<FilesMatch ".+\.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html|php)$">
+	<FilesMatch ".+\.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot1)$">
 	    Require all granted
 	</FilesMatch>
 </ifModule>
@@ -11,7 +14,7 @@ Require all denied
 <ifModule !mod_authz_core.c>
 deny from all
 Satisfy All
-	<FilesMatch ".+\.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot|html|php)$">
+	<FilesMatch ".+\.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
 	    Order Allow,Deny
 	    Allow from all
 	</FilesMatch>

node_modules/web.config

@@ -1,4 +1,7 @@
 <?xml version="1.0" encoding="utf-8" ?>
+<!-- Allow only static resources files -->
+<!-- - HTML not allowed as there could be some test pages calling server scripts or executing JS scripts -->
+<!-- - PHP not allowed as they should not be publicly accessible -->
 <configuration>
   <system.webServer>
       <security>
@@ -15,15 +18,11 @@
                <add fileExtension=".jpg" allowed="true" />
                <add fileExtension=".svg" allowed="true" />
                <add fileExtension=".tiff" allowed="true" />
-               
+
                <add fileExtension=".woff" allowed="true" />
                <add fileExtension=".woff2" allowed="true" />
                <add fileExtension=".ttf" allowed="true" />
                <add fileExtension=".eot" allowed="true" />
-               
-               <add fileExtension=".html" allowed="true" />
-               
-               <add fileExtension=".php" allowed="true" />
             </fileExtensions>
          </requestFiltering>
       </security>