mirror of https://github.com/snarfed/bridgy-fed
parent
4bcf6b463f
commit
90a7b2def8
app.yaml (5 changed lines)
@ -57,6 +57,11 @@ handlers:
upload: static/robots.txt
secure: always

- url: /.well-known/security.txt
static_files: static/security.txt
upload: static/security.txt
secure: always

# dynamic
- url: .*
script: auto
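Review bot: the `url` value of the new handler, `/.well-known/security.txt`, is a regular expression in app.yaml (every `url:` in the `handlers:` section is), so the two unescaped dots also match any other character; escaping them as `- url: /\.well-known/security\.txt` limits the route to the exact path that RFC 9116 defines. The rest of the hunk is sound: it follows the same static-file pattern as the adjacent robots.txt entry, and `secure: always` gives the HTTPS-only delivery the RFC requires for the `/.well-known/` location, which also matches the `Canonical` URL the file declares.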
@ -0,0 +1,14 @@
Contact: mailto:security@brid.gy
Expires: 2030-01-01T08:00:00.000Z
Preferred-Languages: en
Canonical: https://fed.brid.gy/.well-known/security.txt
Policy: https://fed.brid.gy/docs#vulnerability

Thank you for investigating Bridgy Fed's security! We appreciate any and all reports of vulnerabilities. The code is open source (https://github.com/snarfed/bridgy-fed), feel free to try to break in, let us know if you succeed!

A few guidelines for your report to qualify for a monetary reward:

* Vulnerabilities must be in the application itself, not unrelated services like email (eg SPF/DKIM/DMARC).
* Out of scope: rate limiting, XSS/CSRF attacks (Bridgy Fed has no authenticated sessions or private data accessible to users).
* Public user data is intentionally public. That's not a vulnerability.
* No automated fuzzing, DoSes, or other high volume traffic. We block this traffic, and it will disqualify you from any possible award.
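Review bot: the free-text lines in this new static/security.txt (the file the app.yaml handler above serves; its file header did not survive extraction), from "Thank you for investigating…" through the four `*` bullets, are not valid security.txt syntax. RFC 9116 allows only `Field: value` lines, blank lines and lines starting with `#`, so a strict parser may reject or discard the file; prefix each prose line with `# ` or move the scope rules to the page already linked from `Policy:`. Two smaller points: `Expires: 2030-01-01T08:00:00.000Z` is years beyond the RFC's recommendation of less than a year into the future, so a nearer date plus a renewal reminder keeps the contact details from going stale unnoticed; and the RFC recommends an OpenPGP cleartext signature over the whole file, which is worth adding once the prose is turned into comments. The required `Contact` and `Expires` fields, `Preferred-Languages`, and a `Canonical` URL that matches the HTTPS path the handler serves are all in place.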