Update .htaccess to include 'ico' file type

[mbraam]

Allow for .ico files coming from a customized branding extension to be displayed as favicon in the browser.

Base information

Question	Answer
Related to a SourceForge thread / Another PR / Combodo ticket?	No
Type of change?	Bug fix

Symptom (bug)

• The XML Datamodel for creating extensions allows since iTop 3.2.0 to include favicons (main_favicon, portal_favicon and login_favicon)
• The .ico file format is the original and commonly used file format for favicons
• However, files with this extension are currently not shown on iTop instances running on Apache with recommended security settings applied.

Reproduction procedure (bug)

1. create an extensions that includes .ico files and place a reference to these files in the section, under <main_favicon>, <portal_favicon> and/or <login_favicon>.
2. Install this extension on iTop 3.2.2-1-17851 (installed on a LAMP stack)
3. With PHP 8.3.6
4. Login and observe the .ico file is not displayed and as a fallback the default iTop favicon is displayed.

Cause (bug)

For iTop instances served by Apache, the current .htaccess file in env-production prevent .ico files (located in env-production/branding) to be displayed by the browser as favicon,
This is due to the statement: <FilesMatch ".+.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">

Proposed solution (bug and enhancement)

I replaced both occurences of the statement <FilesMatch ".+.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$"> with <FilesMatch ".+.(css|scss|js|map|ico|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">

Checklist before requesting a review

• I have performed a self-review of my code
• I have tested all changes I made on an iTop instance
• I have added a unit test, otherwise I have explained why I couldn't
• Is the PR clear and detailed enough so anyone can understand digging in the code?

Checklist of things to do before PR is ready to merge

Confirm that this .htaccess file is also to be copied to the env-production folder during setup of iTop.
I did not write a unit test, as there is no code to test here. The .htaccess file is a configuration file used by Apache.

[Molkobain]

Hello @mbraam , thanks for the PR :)

It's a good idea, but in that case we should also update all access restrictions files that allow images to have the same behavior:

• .htaccess (Apache) and web.config (IIS) files generated in the env-xxx folders.
• .htaccess (Apache) and web.config (IIS) files in the /lib and /node_modules folders.

[Hipska]

Probably only there? Won't the files from the branding extension be placed there instead of /lib?

[Molkobain]

Probably only there? Won't the files from the branding extension be placed there instead of /lib?

Exact, but as we allow images from the third party folders, I think we should also fix /lib and /node_modules (which I forgot in my previous message) at the same time.

[Molkobain]

I updated my first comment as there are also the IIS files to update 😅