move all static assets to public/

front/public/.htaccess

@@ -0,0 +1,26 @@
+DirectoryIndex index.html
+
+# By default, Apache does not evaluate symbolic links if you did not enable this
+# feature in your server configuration. Uncomment the following line if you
+# install assets as symlinks or if you experience problems related to symlinks
+# when compiling LESS/Sass/CoffeScript assets.
+# Options FollowSymlinks
+
+# Disabling MultiViews prevents unwanted negotiation, e.g. "/index" should not resolve
+# to the front controller "/index.php" but be rewritten to "/index.php/index".
+<IfModule mod_negotiation.c>
+    Options -MultiViews
+</IfModule>
+
+RewriteEngine On
+
+RewriteBase /
+
+# If the requested filename exists, simply serve it.
+# We only want to let Apache serve files and not directories.
+# Rewrite all other queries starting with _ to index.ts.
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule "^[_@*]/" "/index.html" [L]
+RewriteRule "^register/" "/index.html" [L]
+RewriteRule "^login" "/index.html" [L]
+RewriteRule "^jwt" "/index.html" [L]

front/public/env-config.template.js

@@ -0,0 +1,27 @@
+window.env = {
+    SKIP_RENDER_OPTIMIZATIONS: '${SKIP_RENDER_OPTIMIZATIONS}',
+    DISABLE_NOTIFICATIONS: '${DISABLE_NOTIFICATIONS}',
+    PUSHER_URL: '${PUSHER_URL}',
+    UPLOADER_URL: '${UPLOADER_URL}',
+    ADMIN_URL: '${ADMIN_URL}',
+    CONTACT_URL: '${CONTACT_URL}',
+    PROFILE_URL: '${PROFILE_URL}',
+    ICON_URL: '${ICON_URL}',
+    DEBUG_MODE: '${DEBUG_MODE}',
+    STUN_SERVER: '${STUN_SERVER}',
+    TURN_SERVER: '${TURN_SERVER}',
+    TURN_USER: '${TURN_USER}',
+    TURN_PASSWORD: '${TURN_PASSWORD}',
+    JITSI_URL: '${JITSI_URL}',
+    JITSI_PRIVATE_MODE: '${JITSI_PRIVATE_MODE}',
+    START_ROOM_URL: '${START_ROOM_URL}',
+    MAX_USERNAME_LENGTH: '${MAX_USERNAME_LENGTH}',
+    MAX_PER_GROUP: '${MAX_PER_GROUP}',
+    DISPLAY_TERMS_OF_USE: '${DISPLAY_TERMS_OF_USE}',
+    POSTHOG_API_KEY: '${POSTHOG_API_KEY}',
+    POSTHOG_URL: '${POSTHOG_URL}',
+    NODE_ENV: '${NODE_ENV}',
+    DISABLE_ANONYMOUS: '${DISABLE_ANONYMOUS}',
+    OPID_LOGIN_SCREEN_PROVIDER: '${OPID_LOGIN_SCREEN_PROVIDER}',
+    FALLBACK_LOCALE: '${FALLBACK_LOCALE}',
+};

front/public/ga.html.tmpl

@@ -0,0 +1,9 @@
+<!-- Global site tag (gtag.js) - Google Analytics -->
+<script async src="https://www.googletagmanager.com/gtag/js?id=<!-- TRACKING NUMBER -->"></script>
+<script>
+    window.dataLayer = window.dataLayer || [];
+    function gtag(){dataLayer.push(arguments);}
+    gtag('js', new Date());
+
+    gtag('config', '<!-- TRACKING NUMBER -->');
+</script>

front/public/iframe.html

@@ -0,0 +1,21 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <script src="/iframe_api.js" ></script>
+    <script>
+        // Note: this is a huge XSS flow as we allow anyone to load a Javascript file in our domain.
+        // This file must ABSOLUTELY be removed from the Docker images/deployments and is only here
+        // for development purpose (because dynamically generated iframes are not working with
+        // webpack hot reload due to an issue with rights)
+        const urlParams = new URLSearchParams(window.location.search);
+        const scriptUrl = urlParams.get('script');
+        const script = document.createElement('script');
+        script.src = scriptUrl;
+
+        if (urlParams.get('moduleMode') === 'true') {
+            script.type = "module";
+        }
+        document.head.append(script);
+    </script>
+    </head>
+</html>