diff --git a/security.txt b/security.txt new file mode 100644 index 000000000..34a192fb7 --- /dev/null +++ b/security.txt @@ -0,0 +1,9 @@ +Contact: mailto:info@friendi.ca + +Expires: Wed, 30 Jun 2021 23:59 +0000 + +Preferred-Languages: en + +Canonical: https://git.friendi.ca/friendica/friendica/raw/branch/stable/security.txt + +Policy: https://friendi.ca/security-policy/ diff --git a/src/Module/WellKnown/SecurityTxt.php b/src/Module/WellKnown/SecurityTxt.php new file mode 100644 index 000000000..9cdcde048 --- /dev/null +++ b/src/Module/WellKnown/SecurityTxt.php @@ -0,0 +1,43 @@ +. + * + */ + +namespace Friendica\Module\WellKnown; + +use Friendica\BaseModule; + +/** + * Standardized way of exposing metadata about the project security policy + * @see https://securitytxt.org + */ +class SecurityTxt extends BaseModule +{ + public static function rawContent(array $parameters = []) + { + $name = 'security.txt'; + $fp = fopen($name, 'rt'); + + header('Content-type: text/plain; charset=utf-8'); + header("Content-Length: " . filesize($name)); + + fpassthru($fp); + exit; + } +} diff --git a/static/routes.config.php b/static/routes.config.php index 031f6082b..1f3e9fa9f 100644 --- a/static/routes.config.php +++ b/static/routes.config.php @@ -44,6 +44,7 @@ return [ '/.well-known' => [ '/host-meta' => [Module\WellKnown\HostMeta::class, [R::GET]], '/nodeinfo' => [Module\WellKnown\NodeInfo::class, [R::GET]], + '/security.txt' => [Module\WellKnown\SecurityTxt::class, [R::GET]], '/webfinger' => [Module\Xrd::class, [R::GET]], '/x-nodeinfo2' => [Module\NodeInfo210::class, [R::GET]], '/x-social-relay' => [Module\WellKnown\XSocialRelay::class, [R::GET]],