Merge pull request #2025 from GSA/notify-compliance-52

investigate security.txt
GSA · Oct 17, 2024 · 185f00c · 185f00c
2 parents 1490655 + 1dbb369
commit 185f00c
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/app/.well-known/security.txt b/app/.well-known/security.txt
@@ -0,0 +1,2 @@
+Contact: mailto:[email protected]
+Expires: 2035-10-15T23:59:59Z
diff --git a/app/main/views/security_policy.py b/app/main/views/security_policy.py
@@ -1,11 +1,9 @@
-from flask import redirect
+from flask import send_from_directory
 
 from app.main import main
 
 
 @main.route("/.well-known/security.txt", methods=["GET"])
 @main.route("/security.txt", methods=["GET"])
 def security_policy():
-    # See GDS Way security policy which this implements
-    # https://gds-way.cloudapps.digital/standards/vulnerability-disclosure.html#vulnerability-disclosure-and-security-txt
-    return redirect("https://vdp.cabinetoffice.gov.uk/.well-known/security.txt")
+    return send_from_directory(".well-known", "security.txt")
diff --git a/tests/app/main/views/test_security_policy.py b/tests/app/main/views/test_security_policy.py
@@ -11,6 +11,6 @@
 def test_security_policy_redirects_to_policy(client_request, url):
     client_request.get_url(
         url,
-        _expected_status=302,
-        _expected_redirect="https://vdp.cabinetoffice.gov.uk/.well-known/security.txt",
+        _test_page_title=False,
+        _expected_status=200,
     )
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		Contact: mailto:[email protected]
		Expires: 2035-10-15T23:59:59Z