The security check feature called Required (and Recomended) private directories" is now generating about 15 open issues on github if we exlude closed issues.
For example, I've put this effective directive inside apache, but looks like not enough for the feature.
<LocationMatch "^/matomo/(config|core|tmp|lang|.git)"> Require all denied </LocationMatch>
In my opinion private directories shouldn't served by apache. So, for a next software's refactoring (v.5.x), I suggest to distribute public files and assets directories inside their own
Suggesting to bypass the security checks, is a needed fast shortcut, but unreliable long term solution.
I think that's the same discussion as https://github.com/matomo-org/matomo/issues/19505
And I still agree that this is (at least as an optional installation method) a huge benefit for Matomo.
We're on the same frequency, I close as duplicated