Jump to content

Host a security.txt file in the browser

Recommended Posts

It simply isn’t possible to do this with a file hosted on Squarespace.

About me: I'm Paul. A SQSP User for 18 yrs, I joined Circle when it launched in 2016 and have been a Circle Leader since 2017. I value honesty, transparency, diversity and good design ♥.
Work: Founder of SF.DIGITAL, providing expertise and extensions to supercharge your Squarespace website. 
Content: Views and opinions are my own. Links in my posts may refer to my own SF.DIGITAL products or may be affiliate links.
Forum advice is free. You can thank me by clicking one of the feedback emojis below. Coffee fuels my work.

Book paid help with a Squarespace Domain

Link to comment
  • 2 months later...
43 minutes ago, drumsntech said:

Is that on the roadmap at all? We'd like to do this as well.

Not speaking for @paul2009 but I don't see this happening anytime soon on SS. The number of SS customers that would actually use this feature are too small for SS to spend resources on implementing it.

Of course it doesn't hurt to put in a feature request to customer service.

I realize that making it easy on the security researcher is the goal but the extra step of opening the downloaded file wouldn't deter them. I don't see them saying oh this is just one step too far! 🙂

 

Find my contributions useful? Please like, upvote, mark my answer as the best ( solution ), and see my profile. Thanks for your support! I am a Squarespace ( and other technological things ) consultant open for new projects.

Link to comment
6 hours ago, drumsntech said:

Is that the only /best suggested work-around for the time being?

The only other thing I can think of would be to host the file outside of the SS site and use a URL redirect to the outside file. The outside host would have to work the way you want, not download the file.

The spec for this doesn't talk about redirects as far as I know but this may defeat the intent of the spec. That being having a file on the site at a known URL so the researcher knows its legit.

I'm afraid there aren't any magic answers here until SS either implements the spec or gives us more control on how a file that has been uploaded behaves when the user accesses it, download vs view. The later being even less likely than them implementing the spec.

Just a thought. I wonder if there is a similar spec for adding that information as a text record on the domain? We have much more control over that aspect of our sites, assuming you use a custom domain. This wouldn't be as easy as a URL for the researcher but again they aren't ones who usually give up at resistance or don't have access to DNS tools.

Edited by creedon

Find my contributions useful? Please like, upvote, mark my answer as the best ( solution ), and see my profile. Thanks for your support! I am a Squarespace ( and other technological things ) consultant open for new projects.

Link to comment
  • 10 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

×
×
  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Hire a Designer

Stand out online with the help of an experienced designer or developer.