diff --git a/CHANGELOG.md b/CHANGELOG.md
index 646ef8e..2374055 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# 1.0.4 (2022-03-29)
+
+Added support for security.txt files
+
+# 1.0.3 (2022-03-29)
+
+Fix dependencies for Flask 1.1.x: jinja2
+
 # 1.0.2 (2022-03-21)
 Pass through error messages from flask.abort to 404.html and 500.html templates
diff --git a/canonicalwebteam/flask_base/app.py b/canonicalwebteam/flask_base/app.py
index b909cda..5246246 100644
--- a/canonicalwebteam/flask_base/app.py
+++ b/canonicalwebteam/flask_base/app.py
@@ -277,6 +277,7 @@ def favicon():
 robots_path = os.path.join(self.root_path, "..", "robots.txt")
 humans_path = os.path.join(self.root_path, "..", "humans.txt")
+ security_path = os.path.join(self.root_path, "..", "security.txt")
 if os.path.isfile(robots_path):
@@ -289,3 +290,9 @@ def robots():
 @self.route("/humans.txt")
 def humans():
 return flask.send_file(humans_path)
+
+ if os.path.isfile(security_path):
+
+ @self.route("/.well-known/security.txt")
+ def security():
+ return flask.send_file(security_path)
diff --git a/setup.py b/setup.py
index f196aa4..737995c 100755
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ setup(
 name="canonicalwebteam.flask-base",
- version="1.0.3",
+ version="1.0.4",
 description=(
 "Flask extension that applies common configurations"
 "to all of webteam's flask apps."
diff --git a/tests/test_app/security.txt b/tests/test_app/security.txt
new file mode 100644
index 0000000..dad6d7e
--- /dev/null
+++ b/tests/test_app/security.txt
@@ -0,0 +1 @@
+security is very important!
\ No newline at end of file
diff --git a/tests/test_flask_base.py b/tests/test_flask_base.py
index 1055e99..54bfe11 100644
--- a/tests/test_flask_base.py
+++ b/tests/test_flask_base.py
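Review bot: The `if os.path.isfile(security_path):` block in the second app.py hunk carries no comment, and two of its properties matter to whoever deploys this: the existence check runs once, when the routes are registered, and `flask.send_file` returns the file as-is without looking at its contents. As far as the hunk shows, a deployment that ships without the file simply has no `/.well-known/security.txt` route and nothing is logged, and a file missing the `Contact` or `Expires` fields that RFC 9116 requires is served unchanged. I would add above the block: `# Registered only if security.txt exists at startup; served verbatim, so keeping the RFC 9116 Contact/Expires fields valid is the deployer's job.` The enclosing method starts and ends outside the hunk.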
@@ -215,20 +215,25 @@ def test_favicon_serve(self):
 response = client.get("/favicon.ico")
 self.assertEqual(200, response.status_code)
- def test_robots_humans(self):
+ def test_text_files(self):
 """
- If `robots.txt` and `humans.txt` are provided at the root of the
- project, check requests to `/robots.txt` load the content
+ If `robots.txt`, `humans.txt`, `security.txt` are provided at the root
+ of the project, check requests to `/robots.txt` load the content
 """
 with create_test_app().test_client() as client:
 warnings.simplefilter("ignore", ResourceWarning)
 robots_response = client.get("robots.txt")
 humans_response = client.get("humans.txt")
+ security_response = client.get("/.well-known/security.txt")
 self.assertEqual(200, robots_response.status_code)
 self.assertEqual(200, humans_response.status_code)
+ self.assertEqual(200, security_response.status_code)
 self.assertEqual(robots_response.data, b"robots!")
 self.assertEqual(humans_response.data, b"humans!")
+ self.assertEqual(
+ security_response.data, b"security is very important!"
+ )
 def test_error_pages(self):
 """
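Review bot: The new assertions in `test_text_files` pin only the status code and body of `/.well-known/security.txt`; the content type is not checked, although RFC 9116 requires the file to be served as `text/plain`. Adding `self.assertEqual("text/plain", security_response.mimetype)` after the status check would catch a regression if the serving code changes later. The docstring also still names only `/robots.txt` as the path being requested. There is no case for an app without `security.txt`, where the route should be absent; that would need a second fixture app, which this hunk does not show.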