Add RFC 9116 compliant security.txt endpoint

- Implement /.well-known/security.txt endpoint for security vulnerability reporting
- Add SECURITY_CONTACT environment variable support
- Include proper HTTP headers (Content-Type, Cache-Control)
- Set automatic expiration date and preferred languages
- Add comprehensive security policy information
- Update .env.example with SECURITY_CONTACT variable
- Document security.txt endpoint in README.md with usage examples
- Follow RFC 9116 standard for responsible disclosure
2025-09-30 19:28:29 +02:00
parent 2402afff13
commit 2dcfb8e2ee
3 changed files with 48 additions and 0 deletions
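As an added illustration of the endpoint the commit message describes (not code from this commit or project): a framework-agnostic Python helper that turns a `SECURITY_CONTACT` value into an RFC 9116 security.txt body plus the response headers. The policy URL, the language list, the 180-day expiry window and the stripping of a trailing inline `# comment` from the env value are assumptions of this example.

```python
"""Added example: build an RFC 9116 security.txt from SECURITY_CONTACT."""
import os
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Assumed values; the project's real policy URL and language list are not on the page.
POLICY_URL = "https://example.invalid/security-policy"  # placeholder
PREFERRED_LANGUAGES = "de, en"
EXPIRES_DAYS = 180  # RFC 9116 recommends an Expires value less than a year out

_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def normalize_contact(raw: str) -> str:
    """Turn the env-var value into a Contact URI as RFC 9116 requires.

    Some dotenv loaders keep a trailing "# comment" inside the value, so it is
    stripped here before validation. Bare e-mail addresses become mailto: URIs.
    """
    value = raw.split("#", 1)[0].strip()
    if value.startswith(("mailto:", "https://", "tel:")):
        return value
    if _EMAIL_RE.match(value):
        return "mailto:" + value
    raise ValueError(f"SECURITY_CONTACT is not a usable contact URI: {raw!r}")


def build_security_txt(contact_raw: str,
                       now: Optional[datetime] = None) -> Tuple[str, Dict[str, str]]:
    """Return the security.txt body and the HTTP headers to serve it with."""
    now = now or datetime.now(timezone.utc)
    expires_at = (now + timedelta(days=EXPIRES_DAYS)).astimezone(timezone.utc)
    body = "\n".join([
        f"Contact: {normalize_contact(contact_raw)}",
        f"Expires: {expires_at.strftime('%Y-%m-%dT%H:%M:%SZ')}",
        f"Preferred-Languages: {PREFERRED_LANGUAGES}",
        f"Policy: {POLICY_URL}",
    ]) + "\n"
    headers = {
        "Content-Type": "text/plain; charset=utf-8",
        "Cache-Control": "public, max-age=86400",  # one day; re-fetched well before Expires
    }
    return body, headers


if __name__ == "__main__":
    # Serve the result at /.well-known/security.txt in the framework of your choice.
    text, hdrs = build_security_txt(os.environ.get("SECURITY_CONTACT", "security@example.invalid"))
    print(hdrs, text, sep="\n")
```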


@@ -55,3 +55,4 @@ AWS_SECRET_ACCESS_KEY=your_aws_secret_key_here
# Other API Keys (optional)
BW_CLIENTSECRET=your_bw_client_secret_here
SECURITY_CONTACT=security@stargirlnails.de # E-Mail für Sicherheitsmeldungen
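Review bot: the added `SECURITY_CONTACT` line puts its comment after the value on the same line, and not every dotenv loader strips inline comments, so in some setups the variable will be read as `security@stargirlnails.de # E-Mail für Sicherheitsmeldungen` and the Contact field of the generated security.txt will be unusable; move the comment onto its own line above the entry, as the file already does with `# Other API Keys (optional)`. Two smaller points: the neighbouring entries use placeholders such as `your_bw_client_secret_here` rather than a real address, and their comments are in English, so `SECURITY_CONTACT=your_security_contact_here` with an English comment would match the rest of `.env.example`.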