forgejo

mirrors

forgejo

mirror of

Fork 0

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Alex Syrnikov	03715f8469	[GITEA] add /.well-known/security.txt endpoint resolves #38 adds RFC 9116 machine parsable File Format to Aid in Security Vulnerability Disclosure (cherry picked from commit `8ab1f8375c`) (cherry picked from commit `8f04f0e288`) (cherry picked from commit `5ced68a7a0`) (cherry picked from commit `437c5dd749`) Conflicts: `52fb936773` Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)	2023-07-26 16:38:06 +02:00
wxiaoguang	52fb936773	Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974 ) Replace #25892 Close #21942 Close #25464 Major changes: 1. Serve "robots.txt" and ".well-known/security.txt" in the "public" custom path * All files in "public/.well-known" can be served, just like "public/assets" 3. Add a test for ".well-known/security.txt" 4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so the code can be simpler 5. Add CORS header for ".well-known" endpoints 6. Add logs to tell users they should move some of their legacy custom public files ``` 2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img 2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt ``` This PR is not breaking. --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>	2023-07-21 12:14:20 +00:00

Alex Syrnikov

03715f8469

[GITEA] add /.well-known/security.txt endpoint

resolves #38
adds RFC 9116 machine parsable
File Format to Aid in Security Vulnerability Disclosure

(cherry picked from commit 8ab1f8375c)
(cherry picked from commit 8f04f0e288)
(cherry picked from commit 5ced68a7a0)
(cherry picked from commit 437c5dd749)

Conflicts:
     52fb936773 Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)

2023-07-26 16:38:06 +02:00

wxiaoguang

52fb936773

Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974 )

Replace #25892

Close  #21942
Close  #25464

Major changes:

1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files

```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>

2023-07-21 12:14:20 +00:00

2 Commits