Public assets used in extensions (files that should be delivered by the web
server) must be located in the
Resources/Public folder of the extension.
Changed in version 12.0: Having public assets in any but the folder Resources/Public is not possible anymore.
This folder should only be used for static assets.
If you need to create assets during runtime, they should be stored in
Prevent access to non public files¶
No extension file outside the folder
Resources/Public may be accessed
from outside the web server.
This can be achieved by applying proper access restrictions on the web server. See: Restrict access to files on a server-level.
By using the Composer package
helhum/typo3-secure-web <https://github.com/helhum/typo3-secure-web> all
files except those that should be publicly available can be stored outside
the servers web root.
These file names are reserved for th extension icon, which will be displayed in the extension manager.
It must be in format SVG (preferred), PNG or GIF and should have at least 16x16 pixels.
Any CSS file used by the extension.
Any images used by the extension.
Any JS file used by the extension.