[devmach]

* Any folder in your project can have index.html and indeed it should have.

* Parent talks about static pages, not about rails-ruby/php/python project.

But i get your point : If somehow somebody screw with servers config, there is a risk to expose your apps files & configs. You can follow parents advice but set your root path in apache/nginx config to /var/www/www.example.org/public instead of /var/www/www.example.org

[astrodust]

Even a static site can be structured so that the .git directory is outside of the main public mount.

This gives you a natural place to store notes, documentation, and other non-public content.

It's not about screwing with the server config, it's so that it takes several stupid mistakes before your .git folder is flapping in the breeze, not just one. Being one configuration directive away from embarrassing failure is not a good idea.

[rlx0x]

> Being one configuration directive away from embarrassing failure is not a good idea.

I can't stop but thinking about PHP webapps, for instance Wordpress serves wp-index.php in the same directory as wp-config.php, indeed only one configuration directive away from blowing it all up in your face.

Every few months or so I encounter a huge site that serves me PHP source code. For instance the BBC: http://www.bbc.co.uk/radio4/hitchhikers/zmachine/hhguide.xml

But hey its PHP I guess anyone who would care about something like that has stopped using it years ago.

[dave1010uk]

WordPress can work with wp-config.php in your document root but it's recommended to move it 1 directory up (which is supported our of the box).

[krapp]

Why in the world would anyone serve a php file as .xml? That seems to be the problem... xml files are meant to be readable as text.

[eropple]

I would guess it's a configuration error around something like smart extensions, maybe? "If the clean URL has a .xml at the end, send the request through PHP."

Dumb, but it's the only thing I can come up with offhand.