Use assets directly instead of using wp-json endpoint

[erseco]

This pull request makes significant improvements to how eXeLearning extracted content is served and secured. The main changes separate the handling of HTML files (which require proxying for security and CSP headers) from static assets (which can be served directly from uploads), and update the .htaccess rules to reflect this. Unit tests are also updated and expanded to verify the new behavior.

Content serving and URL rewriting:

• Updated rewrite_relative_urls and related methods in class-content-proxy.php to serve HTML files via the proxy (for CSP headers), while static assets (CSS, JS, images, fonts, etc.) are served directly from the uploads directory. Introduced get_uploads_url and is_html_path helpers for this logic.

• Updated unit tests in ContentProxyTest.php to expect asset URLs to use the uploads path, and added new tests to ensure HTML/HTM links are routed through the proxy.
  Security and access control:

• Revised the .htaccess generation in class-elp-upload-handler.php to allow direct access to static assets but block HTML files, using mod_rewrite for fine-grained control and fallback rules for environments without mod_rewrite.

These changes improve compatibility with hosted environments, prevent 403/404 errors for assets, and ensure HTML files are securely proxied for CSP and other headers.

[github-actions]

Test in WordPress Playground

Test the plugin with the code from this branch:

Open in WordPress Playground

⚠️ The embedded eXeLearning editor is not available in this preview (requires build). All other plugin features (ELP upload, shortcode, Gutenberg block, preview) work normally.