I have not found a possibility to add a security.txt file to our Discourse forums and was wondering if it would be possible to add that possibility.
It would be great if there’s an option to add this file (which should land in rootwebsite/.well-known/security.txt) and fill in the necessary parameters within Settings > Security for example.
As stated on their website:
The main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. Thanks to security.txt, security researchers can easily get in touch with companies about security issues.
More can be found here: https://securitytxt.org/
The short term solution, if you’re self hosted, is a custom plugin.
But you want a feature. Sorry.
I’m a bit confused, mainly because I just can’t understand how Docker works, but…
- why should security.txt come from Discourse; it is normally quite static and tied up to organization
- under Docker is Nginx and it should host webserver level things like everything under
So I would say short term solution is manual labour with Nginx
I would suggest using a Permalink here for this, e.g.:
○ → curl -i https://meta.discourse.org/.well-known/security.txt
content-type: text/html; charset=utf-8
(I’ll probably remove it shortly as it’s not really the intended destination, but this means you can put this file anywhere)
That’s a good idea!
Create a topic somewhere hidden; make it unlisted; move it somewhere public. Add .json to the copy URL to get the post_id of the OP. Then use that URL in the permalink. Then you can get the URL of the raw text of that post with a URL like
1093 is the post_id of your topic.
Then https://dashboard.literatecomputing.com/.well-known/security.txt will get you a text URL like (I think) you want. Much easier than mucking with having app.yml muck with nginx settings.
Oooohhhh combining with a raw link to just get text is a great hack!