Add security.txt

Jake Howard 2022-08-19 15:06:18 +01:00
parent 1abc6da19b
commit f452f5deed
Signed by: jake
GPG key ID: 57AFB45680EDD477
4 changed files with 43 additions and 1 deletions


@ -0,0 +1,7 @@
{% load wagtailcore_tags %}
{% if contact_page %}
Contact: {% pageurl contact_page %}
{% endif %}
Canonical: {{ security_txt }}
Expires: {{ expires }}
Preferred-Languages: en
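Review bot: The `Contact:` line sits inside `{% if contact_page %}`, so when no live ContactPage exists the rendered file has no Contact field, which RFC 9116 requires; consumers may then treat the whole file as invalid. `{% pageurl contact_page %}` may also return a site-relative path when the page belongs to the site serving the request, whereas the field needs an absolute URI (`https://` or `mailto:`). I would build the value in the view, e.g. `context["contact_url"] = contact_page.get_full_url(self.request)`, and fall back to a configured contact address when there is no page.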


@ -20,3 +20,16 @@ class RobotsViewTestCase(SimpleTestCase):
def test_accessible(self) -> None: def test_accessible(self) -> None:
response = self.client.get(self.url) response = self.client.get(self.url)
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertEqual(response.context["sitemap"], "http://testserver/sitemap.xml")
class SecurityViewTestCase(TestCase):
url = reverse("securitytxt")
def test_accessible(self) -> None:
response = self.client.get(self.url)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.context["security_txt"],
"http://testserver/.well-known/security.txt",
)
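Review bot: `SecurityViewTestCase.test_accessible` checks only the status code and one context value, so nothing verifies the rendered body or content type that a security.txt consumer actually reads. The visible test creates no ContactPage, so the `Contact:` branch of the template is presumably never rendered here. Add assertions on the output, such as `self.assertContains(response, "Expires: ")` and `self.assertTrue(response["Content-Type"].startswith("text/plain"))`, plus a second test that creates a live ContactPage and asserts a `Contact:` line with an absolute URL. The expected value `http://testserver/...` also shows that the Canonical URL follows the request scheme, which is worth a separate HTTPS test.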


@ -1,10 +1,13 @@
from datetime import timedelta
from typing import Any from typing import Any
from django.http.response import HttpResponse from django.http.response import HttpResponse
from django.urls import reverse from django.urls import reverse
from django.utils import timezone
from django.views.defaults import ERROR_404_TEMPLATE_NAME from django.views.defaults import ERROR_404_TEMPLATE_NAME
from django.views.generic import TemplateView from django.views.generic import TemplateView
from website.contact.models import ContactPage
from website.home.models import HomePage from website.home.models import HomePage
@ -32,3 +35,21 @@ class RobotsView(TemplateView):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
context["sitemap"] = self.request.build_absolute_uri(reverse("sitemap")) context["sitemap"] = self.request.build_absolute_uri(reverse("sitemap"))
return context return context
class SecurityView(TemplateView):
template_name = "security.txt"
content_type = "text/plain"
expires = timedelta(days=7)
def get_context_data(self, **kwargs: dict) -> dict:
context = super().get_context_data(**kwargs)
context["security_txt"] = self.request.build_absolute_uri(
reverse("securitytxt")
)
context["contact_page"] = ContactPage.objects.live().first()
context["expires"] = (
(timezone.now() + self.expires).replace(microsecond=0).isoformat()
)
return context
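Review bot: In `SecurityView.get_context_data`, `security_txt` (rendered as `Canonical:`) is built with `self.request.build_absolute_uri(...)`, so its host and scheme come from the incoming request rather than from configuration. If the site answers on more than one allowed host, or over plain HTTP behind a proxy without `SECURE_PROXY_SSL_HEADER`, the file will advertise a different or non-https Canonical URI per request, while RFC 9116 expects an `https://` URI there. Prefer deriving it from a configured site base URL, or at least record the dependency with a comment such as `# Canonical follows the request host/scheme; relies on strict ALLOWED_HOSTS and HTTPS-aware proxy settings`. Separately, `timezone.now()` is naive when `USE_TZ` is off, which would give an `Expires` value with no UTC offset.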


@ -6,7 +6,7 @@ from wagtail.contrib.sitemaps.views import sitemap
from wagtail.documents import urls as wagtaildocs_urls from wagtail.documents import urls as wagtaildocs_urls
from wagtail.images.views.serve import ServeView from wagtail.images.views.serve import ServeView
from website.common.views import RobotsView, page_not_found from website.common.views import RobotsView, SecurityView, page_not_found
urlpatterns = [ urlpatterns = [
path("admin/", include(wagtailadmin_urls)), path("admin/", include(wagtailadmin_urls)),
@ -22,6 +22,7 @@ urlpatterns = [
), ),
path("sitemap.xml", sitemap, name="sitemap"), path("sitemap.xml", sitemap, name="sitemap"),
path("robots.txt", RobotsView.as_view(), name="robotstxt"), path("robots.txt", RobotsView.as_view(), name="robotstxt"),
path(".well-known/security.txt", SecurityView.as_view(), name="securitytxt"),
path("404/", page_not_found, name="404"), path("404/", page_not_found, name="404"),
] ]