mirror of https://github.com/go-gitea/gitea
Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)
Replace #25892 Close #21942 Close #25464 Major changes: 1. Serve "robots.txt" and ".well-known/security.txt" in the "public" custom path * All files in "public/.well-known" can be served, just like "public/assets" 3. Add a test for ".well-known/security.txt" 4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so the code can be simpler 5. Add CORS header for ".well-known" endpoints 6. Add logs to tell users they should move some of their legacy custom public files ``` 2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img 2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt ``` This PR is not breaking. --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>pull/26009/head^2
parent
2f0e79e639
commit
52fb936773
@ -0,0 +1,6 @@ |
|||||||
|
# This site is running a Gitea instance. |
||||||
|
# Gitea related security problems could be reported to Gitea community. |
||||||
|
# Site related security problems should be reported to this site's admin. |
||||||
|
Contact: https://github.com/go-gitea/gitea/blob/main/SECURITY.md |
||||||
|
Policy: https://github.com/go-gitea/gitea/blob/main/SECURITY.md |
||||||
|
Preferred-Languages: en |
Loading…
Reference in new issue