Commit D9 updates to scaffolded files

web/.gitignore

@@ -1,3 +1,4 @@
 /INSTALL.txt
 /README.txt
 /example.gitignore
+/README.md

web/.htaccess

@@ -116,13 +116,13 @@ AddEncoding gzip svgz
   # RewriteBase /
 
   # Redirect common PHP files to their new locations.
-  RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
+  RewriteCond %{REQUEST_URI} ^(.*)?/(install\.php) [OR]
-  RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
+  RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild\.php)
   RewriteCond %{REQUEST_URI} !core
   RewriteRule ^ %1/core/%2 [L,QSA,R=301]
 
   # Rewrite install.php during installation to see if mod_rewrite is working
-  RewriteRule ^core/install.php core/install.php?rewrite=ok [QSA,L]
+  RewriteRule ^core/install\.php core/install.php?rewrite=ok [QSA,L]
 
   # Pass all requests not referring directly to files in the filesystem to
   # index.php.
@@ -138,11 +138,11 @@ AddEncoding gzip svgz
   # Allow access to PHP files in /core (like authorize.php or install.php):
   RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
   # Allow access to test-specific PHP files:
-  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
+  RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php
   # Allow access to Statistics module's custom front controller.
   # Copy and adapt this rule to directly execute PHP files in contributed or
   # custom modules or to run another PHP application in the same directory.
-  RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
+  RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics\.php$
   # Deny access to any other PHP files that do not match the rules above.
   # Specifically, disallow autoload.php from being served directly.
   RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]

web/robots.txt

@@ -45,17 +45,17 @@ Disallow: /comment/reply/
 Disallow: /filter/tips
 Disallow: /node/add/
 Disallow: /search/
-Disallow: /user/register/
+Disallow: /user/register
-Disallow: /user/password/
+Disallow: /user/password
-Disallow: /user/login/
+Disallow: /user/login
-Disallow: /user/logout/
+Disallow: /user/logout
 # Paths (no clean URLs)
 Disallow: /index.php/admin/
 Disallow: /index.php/comment/reply/
 Disallow: /index.php/filter/tips
 Disallow: /index.php/node/add/
 Disallow: /index.php/search/
-Disallow: /index.php/user/password/
+Disallow: /index.php/user/password
-Disallow: /index.php/user/register/
+Disallow: /index.php/user/register
-Disallow: /index.php/user/login/
+Disallow: /index.php/user/login
-Disallow: /index.php/user/logout/
+Disallow: /index.php/user/logout

web/web.config

@@ -33,18 +33,6 @@
             <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
           </conditions>
         </rule>
-     <!-- If running on a PHP version affected by httpoxy vulnerability
-      uncomment the following rule to mitigate it's impact. To make this
-      rule work, you will also need to add HTTP_PROXY to the allowed server
-      variables manually in IIS. See https://www.drupal.org/node/2783079.
-        <rule name="Erase HTTP_PROXY" patternSyntax="Wildcard">
-          <match url="*.*" />
-          <serverVariables>
-            <set name="HTTP_PROXY" value="" />
-          </serverVariables>
-          <action type="None" />
-        </rule>
-    -->
     <!-- To redirect all users to access the site WITH the 'www.' prefix,
      http://example.com/foo will be redirected to http://www.example.com/foo)
      adapt and uncomment the following:   -->