Add redirects to central security.txt

As per guidance on the gds-way about security.txt and vulnerability disclosure[0], this PR adds a couple of HTML files (and a `_config.yml` file enabling the `.well-known` directory) that redirect to the Cabinet Office central `security.txt`. Adapted from https://github.com/alphagov/security.txt. We need to use a subdirectory to allow us to serve from the non-HTML pages (as noted in [1]). [0]: https://gds-way.cloudapps.digital/standards/vulnerability-disclosure.html [1]: https://www.jvt.me/posts/2021/10/28/middleman-redirect-content-type/
co-cddo · Oct 28, 2021 · fec9158 · fec9158
2 parents 4af52cf + 630adc2
commit fec9158
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/config.rb b/config.rb
@@ -48,6 +48,10 @@
 config[:tech_docs] = YAML.load_file(config_file).with_indifferent_access
 activate :unique_identifier
 
+redirect "security.txt/index.html", to: "https://vdp.cabinetoffice.gov.uk/.well-known/security.txt"
+redirect ".well-known/security.txt/index.html", to: "https://vdp.cabinetoffice.gov.uk/.well-known/security.txt"
+import_file File.expand_path("_config.yml", config[:source]), "/_config.yml"
+
 helpers do
   include GovukTechDocs::ContributionBanner
 

diff --git a/source/_config.yml b/source/_config.yml
@@ -0,0 +1,2 @@
+include:
+- ".well-known"