forgejo/public/.well-known/security.txt at 2590707122aac20c53b554dc5695396ef35fbea4 - git724/forgejo - git724

git724/forgejo

wxiaoguang 52fb936773

Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974 )

Replace #25892

Close  #21942
Close  #25464

Major changes:

1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files

```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>

2023-07-21 12:14:20 +00:00

6 lines

340 B

Text

Raw Blame History

 # This site is running a Gitea instance.
 # Gitea related security problems could be reported to Gitea community.
 # Site related security problems should be reported to this site's admin.
 Contact: https://github.com/go-gitea/gitea/blob/main/SECURITY.md
 Policy: https://github.com/go-gitea/gitea/blob/main/SECURITY.md
 Preferred-Languages: en