Hi everyone, we are currently undergoing a CASA Tier 2 security assessment for our our app. However, we have encountered a challenge as our website is developed on Bubble, and we do not have direct access to the source code.
One of the vulnerabilities flagged in the security assessment is the visibility of the htaccess file to the public. Unfortunately, due to the nature of Bubble being a no-code platform, we are unable to directly edit the code to implement necessary patches.
We are reaching out to the community to see if others have navigated a similar situation and can share their experiences and insights. Specifically, we are interested in understanding how fellow Bubble users have addressed security concerns raised during CASA Tier 2 assessments, especially when they do not have direct access to the source code.
Thank you in advance for your time and assistance.