forgejo

mirrors/forgejo

Fork 1

mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-05-13 09:32:41 +00:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Gusted	bdc296793e	[BRANDING] security.txt - The [security.txt](https://securitytxt.org/) is a standardized file to help with reporting security vulnerabilities, by having the most essential information served at `.well-known/security.txt`. - Brand this file to point to the Forgejo security team. - Resolves https://codeberg.org/forgejo/forgejo/issues/1192 (cherry picked from commit `7ca1d0ec87`) (cherry picked from commit `ba974b0161`) (cherry picked from commit `966fbcdcfd`) (cherry picked from commit `8b9efebc6e`) (cherry picked from commit `91b1c84c18`) (cherry picked from commit `30ade1ea0b`) (cherry picked from commit `15ec35014e`) (cherry picked from commit `a5e8bb4a93`) (cherry picked from commit `273b03888f`) (cherry picked from commit `69b6b53fe5`) (cherry picked from commit `e22a512fde`) (cherry picked from commit `958b3e4877`) (cherry picked from commit `d1ad5daa51`) (cherry picked from commit `a4868c4d79`) (cherry picked from commit `ce4692d352`) (cherry picked from commit `7cb94c23fd`) (cherry picked from commit `05fa514e14`) (cherry picked from commit `be70e50114`) (cherry picked from commit `576997ac9a`) (cherry picked from commit `5ca0898717`) (cherry picked from commit `69db3def99`) (cherry picked from commit `577aec56fe`) (cherry picked from commit `1256e4f2f1`) (cherry picked from commit `98abae947e`) (cherry picked from commit `3106f876d2`)	2024-02-05 16:05:02 +01:00
wxiaoguang	52fb936773	Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974 ) Replace #25892 Close #21942 Close #25464 Major changes: 1. Serve "robots.txt" and ".well-known/security.txt" in the "public" custom path * All files in "public/.well-known" can be served, just like "public/assets" 3. Add a test for ".well-known/security.txt" 4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so the code can be simpler 5. Add CORS header for ".well-known" endpoints 6. Add logs to tell users they should move some of their legacy custom public files ``` 2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img 2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt ``` This PR is not breaking. --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>	2023-07-21 12:14:20 +00:00

Gusted

bdc296793e

[BRANDING] security.txt

- The [security.txt](https://securitytxt.org/) is a standardized file to
help with reporting security vulnerabilities, by having the most essential
information served at `.well-known/security.txt`.
- Brand this file to point to the Forgejo security team.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1192

(cherry picked from commit 7ca1d0ec87)
(cherry picked from commit ba974b0161)
(cherry picked from commit 966fbcdcfd)
(cherry picked from commit 8b9efebc6e)
(cherry picked from commit 91b1c84c18)
(cherry picked from commit 30ade1ea0b)
(cherry picked from commit 15ec35014e)
(cherry picked from commit a5e8bb4a93)
(cherry picked from commit 273b03888f)
(cherry picked from commit 69b6b53fe5)
(cherry picked from commit e22a512fde)
(cherry picked from commit 958b3e4877)
(cherry picked from commit d1ad5daa51)
(cherry picked from commit a4868c4d79)
(cherry picked from commit ce4692d352)
(cherry picked from commit 7cb94c23fd)
(cherry picked from commit 05fa514e14)
(cherry picked from commit be70e50114)
(cherry picked from commit 576997ac9a)
(cherry picked from commit 5ca0898717)
(cherry picked from commit 69db3def99)
(cherry picked from commit 577aec56fe)
(cherry picked from commit 1256e4f2f1)
(cherry picked from commit 98abae947e)
(cherry picked from commit 3106f876d2)

2024-02-05 16:05:02 +01:00

wxiaoguang

52fb936773

Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974 )

Replace #25892

Close  #21942
Close  #25464

Major changes:

1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files

```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>

2023-07-21 12:14:20 +00:00

2 commits