|
| 1 | +# 001-http-redirect |
| 2 | + |
| 3 | +The best implementation is to utilise a HTTP redirect to the central security.txt file. |
| 4 | + |
| 5 | +``` |
| 6 | +< HTTP/1.1 302 Found |
| 7 | +< Location: https://vulnerability-reporting.service.security.gov.uk/.well-known/security.txt |
| 8 | +``` |
| 9 | + |
| 10 | +See below for various implementation examples: |
| 11 | +- [Node.js Express.js](#nodejs-expressjs) |
| 12 | +- [Node.js 'http'](#nodejs-http) |
| 13 | +- [Python Flask](#python-flask) |
| 14 | + |
| 15 | +Additionally, see [002-faas-edge-code](../002-faas-edge-code) for code to implement at your CDN edge to perform the HTTP redirect. |
| 16 | + |
| 17 | +## Node.js Express.js |
| 18 | + |
| 19 | +``` js |
| 20 | +const express = require('express') |
| 21 | +const app = express() |
| 22 | +const port = 3000 |
| 23 | + |
| 24 | +const sectxt_pathregex = /^(\/.well[-_]known)?\/security(\.txt)?/ |
| 25 | +const sectxt_location = 'https://vulnerability-reporting.service.security.gov.uk/.well-known/security.txt' |
| 26 | + |
| 27 | +app.get(sectxt_pathregex, (req, res) => { |
| 28 | + res.redirect(sectxt_location) |
| 29 | +}) |
| 30 | + |
| 31 | +app.get('/', (req, res) => { |
| 32 | + res.send('OK') |
| 33 | +}) |
| 34 | + |
| 35 | +app.listen(port, () => { |
| 36 | + console.log(`Example app listening on port ${port}`) |
| 37 | +}) |
| 38 | +``` |
| 39 | + |
| 40 | +## Node.js 'http' |
| 41 | + |
| 42 | +``` js |
| 43 | +var port = 3000; |
| 44 | +var http = require('http'); |
| 45 | +var url = require('url'); |
| 46 | +var sectxt_pathregex = /^(\/.well[-_]known)?\/security(\.txt)?/; |
| 47 | +var sectxt_location = 'https://vulnerability-reporting.service.security.gov.uk/.well-known/security.txt'; |
| 48 | + |
| 49 | +var server = http.createServer(function(req, res) { |
| 50 | + var parsedUrl = url.parse(req.url); |
| 51 | + if(parsedUrl.pathname.match(sectxt_pathregex)) { |
| 52 | + res.writeHead(302, {'Location': sectxt_location}); |
| 53 | + res.end(); |
| 54 | + return; |
| 55 | + } |
| 56 | +}); |
| 57 | + |
| 58 | +server.listen(port); |
| 59 | +``` |
| 60 | + |
| 61 | +## Python Flask |
| 62 | + |
| 63 | +``` python |
| 64 | +import os |
| 65 | +from flask import Flask, redirect |
| 66 | + |
| 67 | +app = Flask(__name__) |
| 68 | +SECTXT_LOCATION = 'https://vulnerability-reporting.service.security.gov.uk/.well-known/security.txt' |
| 69 | + |
| 70 | +@app.route("/", methods=["GET"]) |
| 71 | +def root(): |
| 72 | + return "OK" |
| 73 | + |
| 74 | +@app.route("/.well-known/security.txt", methods=["GET"]) |
| 75 | +@app.route("/security.txt", methods=["GET"]) |
| 76 | +def securitytxt(): |
| 77 | + return redirect(SECTXT_LOCATION) |
| 78 | + |
| 79 | +if __name__ == "__main__": |
| 80 | + app.run(host="0.0.0.0", port=int(os.getenv("PORT", "3000"))) |
| 81 | +``` |
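Review bot: The path regex in both Node.js examples, `/^(\/.well[-_]known)?\/security(\.txt)?/`, has no end anchor and leaves the `.` before `well` unescaped, so it redirects every path that merely begins with `/security` (for example a constructed `/security-settings` or `/security/anything`). In the Express example the redirect route is registered first, so it would shadow any later route under that prefix; the Flask example matches exact paths only, so the three samples behave differently. I would tighten the pattern to `/^(\/\.well[-_]known)?\/security(\.txt)?$/` in both places. Separately, the 'http' example's handler writes nothing when the path does not match, so those requests stay open until the client or server times out; a fallback such as `res.writeHead(404); res.end();` after the `if` block would close them. Since these snippets are meant to be copied into services, a short comment above the regex listing exactly which paths it is intended to match would also help.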