Commit graph

2 commits

Author SHA1 Message Date
Gusted bdc296793e
[BRANDING] security.txt
- The [security.txt](https://securitytxt.org/) is a standardized file to
help with reporting security vulnerabilities, by having the most essential
information served at `.well-known/security.txt`.
- Brand this file to point to the Forgejo security team.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1192

2024-02-05 16:05:02 +01:00
wxiaoguang 52fb936773
Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)
Replace #25892

Close #21942
Close #25464

Major changes:

1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files

```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-21 12:14:20 +00:00