FrankenPHP returns 403 for commonly used hidden folders like .well-known/

[marns93]

Steps To Reproduce

The FrankenPHP variant responds with 403 for commonly used URLs like .well-known/.

Example: create a file .well-known/security.txt in the web root.

Outcome

What did you expect?

A request to /.well-known/security.txt returns a 200 and the content.

What happened instead?

The response status code is 403
I think the reason is the filter in here:

docker-php/src/variations/frankenphp/etc/frankenphp/Caddyfile

Line 131 in 9b6868e

@rejected path *.bak *.conf *.dist *.fla *.ini *.inc *.inci *.log *.orig *.psd *.sh *.sql *.swo *.swp *.swop */.*

Affected Docker Images

I'm using serversideup/php:8.3-frankenphp

Anything else?

It seems that the same issue was fixed some time ago for NGINX unit, see #469.

[marns93]

@jaydrogers Any updates on this?