Don't display admin email in security.txt

author: Chocobozzz <me@florianbigard.com> 2023-08-18 10:35:45 +0200
committer: Chocobozzz <me@florianbigard.com> 2023-08-18 10:35:45 +0200
commit: 822872aacdd763988cb9e81cdcc3576178993b74 (patch)
tree: 6d44cda8ce24120f50cc98405acd5fdc0e9a88ef
parent: 3ff44b67eaf8e2cae2cee1880dab3217e339a8e1 (diff)
download: PeerTube-822872aacdd763988cb9e81cdcc3576178993b74.tar.gz
PeerTube-822872aacdd763988cb9e81cdcc3576178993b74.tar.zst
PeerTube-822872aacdd763988cb9e81cdcc3576178993b74.zip
4 files changed, 8 insertions, 7 deletions
diff --git a/config/default.yaml b/config/default.yaml
index fcd634d1d..2a0b0fb1c 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -760,8 +760,9 @@ instance:
    Disallow:
  # /.well-known/security.txt rules. This endpoint is cached, so you may have to wait a few hours before viewing your changes
  # To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
-  securitytxt:
+  securitytxt: |
-    '# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'
+    Contact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md
+    Expires: 2025-12-31T11:00:00.000Z'
 services:
  # Cards configuration to format video in Twitter
diff --git a/config/production.yaml.example b/config/production.yaml.example
index 2ec7c3fca..5a7f378c4 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -770,8 +770,9 @@ instance:
    Disallow:
  # /.well-known/security.txt rules. This endpoint is cached, so you may have to wait a few hours before viewing your changes
  # To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string
-  securitytxt:
+  securitytxt: |
-    '# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:'
+    Contact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md
+    Expires: 2025-12-31T11:00:00.000Z'
 services:
  # Cards configuration to format video in Twitter
diff --git a/server/server/controllers/well-known.ts b/server/server/controllers/well-known.ts
index b6bcd79ef..e820c060e 100644
--- a/server/server/controllers/well-known.ts
+++ b/server/server/controllers/well-known.ts
@@ -27,7 +27,7 @@ wellKnownRouter.get('/.well-known/security.txt',
  cacheRoute(ROUTE_CACHE_LIFETIME.SECURITYTXT),
  (_, res: express.Response) => {
    res.type('text/plain')
-    return res.send(CONFIG.INSTANCE.SECURITYTXT + CONFIG.INSTANCE.SECURITYTXT_CONTACT)
+    return res.send(CONFIG.INSTANCE.SECURITYTXT)
  }
 )
diff --git a/server/server/initializers/config.ts b/server/server/initializers/config.ts
index dd196ea0c..690a20c31 100644
--- a/server/server/initializers/config.ts
+++ b/server/server/initializers/config.ts
@@ -546,8 +546,7 @@ const CONFIG = {
      get CSS () { return config.get<string>('instance.customizations.css') }
    },
    get ROBOTS () { return config.get<string>('instance.robots') },
-    get SECURITYTXT () { return config.get<string>('instance.securitytxt') },
+    get SECURITYTXT () { return config.get<string>('instance.securitytxt') }
-    get SECURITYTXT_CONTACT () { return config.get<string>('admin.email') }
  },
  SERVICES: {
    TWITTER: {
author	Chocobozzz <me@florianbigard.com>	2023-08-18 10:35:45 +0200
committer	Chocobozzz <me@florianbigard.com>	2023-08-18 10:35:45 +0200
commit	822872aacdd763988cb9e81cdcc3576178993b74 (patch)
tree	6d44cda8ce24120f50cc98405acd5fdc0e9a88ef
parent	3ff44b67eaf8e2cae2cee1880dab3217e339a8e1 (diff)
download	PeerTube-822872aacdd763988cb9e81cdcc3576178993b74.tar.gz PeerTube-822872aacdd763988cb9e81cdcc3576178993b74.tar.zst PeerTube-822872aacdd763988cb9e81cdcc3576178993b74.zip