From 9c7283dffde92eb0e468881d20ecad2ff20a2b3d Mon Sep 17 00:00:00 2001
From: Kumi <git@kumi.email>
Date: Fri, 15 Mar 2024 10:55:50 +0100
Subject: [PATCH] feat(Caddyfile): support security.txt redirection

Introduced handling for security.txt requests in the Caddyfile
configuration to redirect users to a dedicated security page. This
change enables visitors to easily find security policy and vulnerability
reporting information by redirecting requests for
`/.well-known/security.txt` and `/security.txt` to
`https://security.private.coffee/security.txt`. Implementing this
standard practice improves transparency and security posture by
facilitating clearer communication with security researchers and the
public.
---
 contrib/caddy/Caddyfile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/contrib/caddy/Caddyfile b/contrib/caddy/Caddyfile
index 9c013d1..f262cae 100644
--- a/contrib/caddy/Caddyfile
+++ b/contrib/caddy/Caddyfile
@@ -14,6 +14,11 @@ private.coffee www.private.coffee {
 		path assets /assets/*
 	}
 
+	@security {
+		path security-well-known /.well-known/security.txt
+		path security /security.txt
+	}
+
 	handle @matrix {
 		header /.well-known/matrix/* Content-Type application/json
 		header /.well-known/matrix/* Access-Control-Allow-Origin *
@@ -26,6 +31,10 @@ private.coffee www.private.coffee {
 		root * /srv/private.coffee
 	}
 
+	handle @security {
+		redir https://security.private.coffee/security.txt
+	}
+
 	handle {
 		reverse_proxy * unix//var/run/uwsgi/privatecoffee.sock
 	}