@@ -90,12 +90,24 @@ Therefore, it is no longer necessary to include it, even if it is still present
9090
9191 - include("../../../inc/includes.php");
9292
93+
94+ ++++++++++++++++++++++++++++
95+
96+ In GLPI 11.0, we restrict the resources that can be accessed through a web request.
97+
98+ We still support access to the PHP scripts located in the ``/ajax ``, ``/front `` and ``/report `` directories.
99+ Their URL remains unchanged, for instance, the URL of the ``/front/index.php `` script of your plugin remains ``/plugins/myplugin/front/index.php ``.
100+
101+ The static assets must be moved in the ``/public `` directory to be accessible.
102+ Their URL must not contain the ``/public `` path.
103+ For instance, the URL of the ``/public/css/styles.css `` stylesheet of your plugin will be ``/plugins/myplugin/css/styles.css ``.
104+
93105Legacy scripts access policy
94106++++++++++++++++++++++++++++
95107
96108By default, the access to any PHP script will be allowed only to authenticated users.
97109If you need to change this default policy for some of your PHP scripts, you will need to do this in your plugin ``init `` function,
98- using the ``Glpi\Http\Firewall::addPluginFallbackStrategy () `` method.
110+ using the ``Glpi\Http\Firewall::addPluginStrategyForLegacyScripts () `` method.
99111
100112.. code-block :: php
101113
@@ -104,8 +116,8 @@ using the ``Glpi\Http\Firewall::addPluginFallbackStrategy()`` method.
104116 use Glpi\Http\Firewall;
105117
106118 function plugin_init_myplugin() {
107- Firewall::addPluginFallbackStrategy ('myplugin', '#^/front/api.php/#', Firewall::STRATEGY_NO_CHECK);
108- Firewall::addPluginFallbackStrategy ('myplugin', '#^/front/dashboard.php$#', Firewall::STRATEGY_CENTRAL_ACCESS);
119+ Firewall::addPluginStrategyForLegacyScripts ('myplugin', '#^/front/api.php/#', Firewall::STRATEGY_NO_CHECK);
120+ Firewall::addPluginStrategyForLegacyScripts ('myplugin', '#^/front/dashboard.php$#', Firewall::STRATEGY_CENTRAL_ACCESS);
109121 }
110122
111123
0 commit comments