Webroot and assets

In TYPO3 files that are displayed in the web browser, must - for security reasons - be placed in certain directories.

In a standard Composer-based installation, which this tutorial assumes you have, the webroot of the server points to directory public. Read more about this folder: TYPO3 Explained, folder "public/". Files placed outside of this folder cannot be called directly by the web browser.

There are 3 types of files that must be accessed directly by the browser:

  • Media and downloads: Images, videos and audio files used within the content and managed by editors. Downloads like PDF files, Excel sheets etc.
  • Assets: Including CSS, JavaScript, fonts, images and icons used for design purposes.
  • Technical files managed by Composer and TYPO3, including the index.php as Entry point, automatically generated assets and scaled versions of images.

Media and downloads

Media and downloads must be stored in fileadmin. In standard Composer-based installations, as we assume you have here, they are stored in public/fileadmin/.

Read more about this folder: TYPO3 Explained, folder "public/fileadmin/".

Files in the fileadmin directory are managed by the File abstraction layer (FAL).

They can be uploaded, moved and deleted in the backend module File > Filelist by administrators and depending on permissions, by editors.

Assets in extensions and site packages

Assets usually include CSS files, JavaScript and images / icons used for design purposes.

Within an extension, including a site package, they can only be placed in folder Resources/Public and subfolders of this folder.

During Composer installation the Resources/Public directories of all installed extensions are symlinked into the webroot, folder public/_assets. For security reasons the folders in public/_assets have hashed names.

Read more about this folder: TYPO3 Explained, folder "public/_assets/".