I am using Laravel 5.4 on shared web hosting. Site is running fine, without any functional problems. I am forcing HTTPS + WWW always.
But there are issue with URL path after redirect from invalid/non-existing page.
Instead of https://www.example.com/ in URL it shows https://www.example.com/public/
There are no redirect to /public/ if I go to any existing pages. Site is working fine in both ways, with or without /public/. For visitors it could be confusing that sometimes it is /public/ in end of URL and sometimes it is without. For example, normally I have URL https://www.example.com/about , but it is also working in https://www.example.com/public/about In this case I am also not sure about possible vulnerabilities.
I have 2 .htaccess files, one in project root folder public_html and another inside Laravel public folder public_html/public.
1) public_html/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
2) public_html/public/.htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule \.(txt|xml)$ - [L]
# Force SSL + WWW
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
</IfModule>
