While testing our application, we noticed that we were able to get directly at the raw blade templates by going to
https://our.server.com/wp-content/themes/theme-name/resources/views/template-for-page.blade.php. This is possible because we know the directory structure and can browse directly to view the files, so the likelihood of an end user hitting this is fairly slim. However, it still directly exposes template code to the world.
Is this permitted by Sage 9 by default? Is there a configuration option within Sage 9 that prevents this access? Or should we be relying on
.htaccess files or other web server methods to hide direct access to this directory?