From 01405cc0ce48bcd7335478960b72a206b827ecea Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Tue, 30 Aug 2022 22:45:47 +0000
Subject: [PATCH]

---
 devdocs/todo.txt | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/devdocs/todo.txt b/devdocs/todo.txt
index e4b41443..b9e32e07 100644
--- a/devdocs/todo.txt
+++ b/devdocs/todo.txt
@@ -53,6 +53,13 @@ todo: password protect rockfish docs  https://www.tecmint.com/password-protect-w
 	NOPE, above is all wrong it should be done through asp.net core not nginx, as that is what is serving the files:
 	https://docs.microsoft.com/en-us/aspnet/core/fundamentals/static-files?view=aspnetcore-5.0#static-file-authorization
 
+	NOPE! asp.net core doesn't get a bearer token when a static file is requested so it can't be authenticated
+	this is looking like it should be put in it's own folder back to basic authentication again in nginx but keep it outside of the spa entirely
+	maybe just ayanova.com/rfdocs or something?
+
+	Or, maybe it can be not authorized at all but have .netcore check the referrir is rockfish itself and if not say unauthorized so it's a sneaky obscure security but not a problem maybe??
+	
+
 todo: add raven download folders to backup if not already, (maybe part of website backup?) confirm all the archival old files getting backed up this is critical
 
 PARALLEL work