Allow administrators to provide public security contact information
Organizations can facilitate the responsible disclosure of security issues by providing public contact information. The standard way to do this is by using a [security.txt](https://securitytxt.org/) file. This MR introduces this feature by adding: - a new application setting (text, max 2048 chars) - updated admin UI to configure this instance-level setting - updated application setting API to configure the setting - a new controller to render the content when present - updated documentation describing the feature and how to use it When present, the content will be available at `https://YOUR_INSTANCE/.well-known/security.txt`. Authentication is not required to view this file. Changelog: added
显示
- app/controllers/well_known_controller.rb 19 个添加, 0 个删除app/controllers/well_known_controller.rb
- app/helpers/application_settings_helper.rb 2 个添加, 1 个删除app/helpers/application_settings_helper.rb
- app/models/application_setting.rb 4 个添加, 0 个删除app/models/application_setting.rb
- app/models/application_setting_implementation.rb 2 个添加, 1 个删除app/models/application_setting_implementation.rb
- app/views/admin/application_settings/_security_txt.html.haml 21 个添加, 0 个删除app/views/admin/application_settings/_security_txt.html.haml
- app/views/admin/application_settings/general.html.haml 1 个添加, 0 个删除app/views/admin/application_settings/general.html.haml
- config/routes/well_known.rb 1 个添加, 0 个删除config/routes/well_known.rb
- db/migrate/20231129231159_add_security_txt_content_to_application_settings.rb 20 个添加, 0 个删除...31159_add_security_txt_content_to_application_settings.rb
- db/schema_migrations/20231129231159 1 个添加, 0 个删除db/schema_migrations/20231129231159
- db/structure.sql 2 个添加, 0 个删除db/structure.sql
- doc/administration/settings/security_contact_information.md 42 个添加, 0 个删除doc/administration/settings/security_contact_information.md
- doc/api/settings.md 5 个添加, 2 个删除doc/api/settings.md
- doc/security/responding_to_security_incidents.md 4 个添加, 0 个删除doc/security/responding_to_security_incidents.md
- lib/api/settings.rb 1 个添加, 0 个删除lib/api/settings.rb
- locale/gitlab.pot 12 个添加, 0 个删除locale/gitlab.pot
- spec/models/application_setting_spec.rb 4 个添加, 0 个删除spec/models/application_setting_spec.rb
- spec/requests/api/settings_spec.rb 17 个添加, 1 个删除spec/requests/api/settings_spec.rb
- spec/requests/well_known_routing_spec.rb 0 个添加, 13 个删除spec/requests/well_known_routing_spec.rb
- spec/requests/well_known_spec.rb 55 个添加, 0 个删除spec/requests/well_known_spec.rb
- spec/views/admin/application_settings/_security_txt.html.haml_spec.rb 38 个添加, 0 个删除...dmin/application_settings/_security_txt.html.haml_spec.rb
加载中
想要评论请 注册 或 登录