The documentation here recommends that a permissions mode of 0777 is used.

I was curious about what this project is and what it does, but I'm going to stay well away from any documentation that actually recommends 0777 as a serious permissions setting. This allows anyone on a system to read and write to a directory.

In addition, on files, it allows execution privileges, which is an additional security risk. For example, if an application accepts user input and saves it to a file with 0777 privileges, a malicious actor may be able to execute arbitrary code on the server!

Here are some good resources to learn about Linux permissions:

• https://www.linux.com/learn/understanding-linux-file-permissions
• https://www.digitalocean.com/community/tutorials/an-introduction-to-linux-permissions

Strong permission settings are an essential safeguard against attack.

Problem

When we host a LiteFrame website https://domain.com being an https proxy server, assets (eg, http://domain.com/assets/css/bootstrap.min.css) are generated using http which lead browsers (Chrome, Opera, Firefox) to issue a (blocked:mixed-content) Status on assets preventing them to load.

Web server involve: Apache and Nginx,

Exceptions happen when you try to open a no secure website, That time assets load too because there are not protected.

Solution

#1 Do not use hard link for asset: Do not include the hostname and protocol, give the asset path from the server root,
#2 For the case where you will like to place assets on cdn give provide an env config for the cdn base hostname like CDN_ROOT