From b2f30df7fd2d0181ab5544c8b4695f8b471721f2 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Wed, 10 Mar 2021 09:58:08 -0500
Subject: [PATCH 1/2] Add security.txt file See https://securitytxt.org
---
 security.txt | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 security.txt
diff --git a/security.txt b/security.txt
new file mode 100644
index 0000000000..34a192fb7c
--- /dev/null
+++ b/security.txt
@@ -0,0 +1,9 @@
+Contact: mailto:info@friendi.ca
+
+Expires: Wed, 30 Jun 2021 23:59 +0000
+
+Preferred-Languages: en
+
+Canonical: https://git.friendi.ca/friendica/friendica/raw/branch/stable/security.txt
+
+Policy: https://friendi.ca/security-policy/
From 2d91db9e76729de1aa32722db0af8ad5042f04c5 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Wed, 10 Mar 2021 09:58:48 -0500
Subject: [PATCH 2/2] Add /.well-known/security.txt route and module
---
 src/Module/WellKnown/SecurityTxt.php | 43 ++++++++++++++++++++++++++++
 static/routes.config.php | 1 +
 2 files changed, 44 insertions(+)
 create mode 100644 src/Module/WellKnown/SecurityTxt.php
diff --git a/src/Module/WellKnown/SecurityTxt.php b/src/Module/WellKnown/SecurityTxt.php
new file mode 100644
index 0000000000..9cdcde0484
--- /dev/null
+++ b/src/Module/WellKnown/SecurityTxt.php
@@ -0,0 +1,43 @@
+.
+ *
+ */
+
+namespace Friendica\Module\WellKnown;
+
+use Friendica\BaseModule;
+
+/**
+ * Standardized way of exposing metadata about the project security policy
+ * @see https://securitytxt.org
+ */
+class SecurityTxt extends BaseModule
+{
+ public static function rawContent(array $parameters = [])
+ {
+ $name = 'security.txt';
+ $fp = fopen($name, 'rt');
+
+ header('Content-type: text/plain; charset=utf-8');
+ header("Content-Length: " . filesize($name));
+
+ fpassthru($fp);
+ exit;
+ }
+}
diff --git a/static/routes.config.php b/static/routes.config.php
index 031f6082b1..1f3e9fa9f0 100644
--- a/static/routes.config.php
+++ b/static/routes.config.php
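Review bot: The `Expires` value in the new security.txt is a fixed date less than four months after the commit, and the second patch serves this checked-in file from every node, so an installation that is not updated before 30 Jun 2021 will keep publishing an expired policy that consumers are expected to ignore. The date is also written in RFC 5322 form, whereas the published specification (RFC 9116) expects ISO 8601, e.g. `Expires: 2021-06-30T23:59:00.000Z`; this is worth confirming against the draft revision targeted here. `Canonical` lists only the git raw URL while the file will be retrieved from each node's `/.well-known/security.txt`, so a consumer that compares the retrieval URL with `Canonical` may report a mismatch.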
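Review bot: `rawContent()` never checks the result of `fopen()`, so when `security.txt` is missing or unreadable (the relative path depends on the process working directory) `filesize()` and `fpassthru()` run on `false` and the route ends in warnings or a fatal error instead of a 404; if error display is enabled that output could also reveal the filesystem path. The `'rt'` mode can additionally make the bytes sent differ from `filesize()` on platforms that translate line endings, leaving `Content-Length` wrong. I would open in binary mode, answer 404 when the file cannot be opened, and send `Content-Length` only when the size is known, as sketched below; the project's own not-found exception would serve equally well if other modules use one.

```php
	public static function rawContent(array $parameters = [])
	{
		// … unchanged: $name assignment …
		$fp = is_readable($name) ? fopen($name, 'rb') : false;
		if ($fp === false) {
			http_response_code(404);
			exit;
		}

		$size = filesize($name);

		header('Content-type: text/plain; charset=utf-8');
		if ($size !== false) {
			header('Content-Length: ' . $size);
		}

		fpassthru($fp);
		fclose($fp);
		exit;
	}
```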
@@ -44,6 +44,7 @@ return [
 '/.well-known' => [
 '/host-meta' => [Module\WellKnown\HostMeta::class, [R::GET]],
 '/nodeinfo' => [Module\WellKnown\NodeInfo::class, [R::GET]],
+ '/security.txt' => [Module\WellKnown\SecurityTxt::class, [R::GET]],
 '/webfinger' => [Module\Xrd::class, [R::GET]],
 '/x-nodeinfo2' => [Module\NodeInfo210::class, [R::GET]],
 '/x-social-relay' => [Module\WellKnown\XSocialRelay::class, [R::GET]],