security.txt location

Questions or suggestions about the platform
Post Reply
Catalyst_IT_AU
Posts:1
Joined:Tue Aug 03, 2021 7:06 am
security.txt location

Post by Catalyst_IT_AU » Thu Aug 05, 2021 4:15 am

The site verification page says "Create a security.txt file and place it in the website root directory. Your security.txt file should contain the following string:"

The current draft IETF for security.txt (https://datatracker.ietf.org/doc/html/d ... ecuritytxt) states:

Location of the security.txt file

For web-based services, organizations MUST place the "security.txt"
file under the "/.well-known/" path; e.g. https://example.com/.well-
known/security.txt as per [RFC8615] of a domain name or IP address.
For legacy compatibility, a security.txt file might be placed at the
top-level path or redirect (as per section 6.4 of [RFC7231]) to the
"security.txt" file under the "/.well-known/" path. If a
"security.txt" file is present in both locations, the one in the
"/.well-known/" path MUST be used.

Does the platform follow this approach already? If so, I propose the text on the verification page is updated.
Thanks

User avatar
x1admin
Site Admin
Posts:3110
Joined:Sun Nov 15, 2015 7:04 pm

Re: security.txt location

Post by x1admin » Fri Aug 06, 2021 7:10 am

You can place security.txt in /.well-known/ directory.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest