Did some quick Googling and couldn’t find anything. Please let me know if addressed somewhere that I missed.
Is there a specific folder images / etc. should be stored in order to not be publicly available? HTTP Documentation specifically calls out that:
Files served from the
www
folder (/local/
url), aren’t protected by the Home Assistant authentication. Files stored in this folder, if the URL is known, can be accessed by anybody without authentication.
but doesn’t mention other ways to serve files that does require authentication.
Am I completely misunderstanding the basics?