It would be great if there is a way to properly place a security.txt for your mendix application.
In short: security.txt is a simple text file used to share your contact details in case someone finds a security issue on your website. More info: https://securitytxt.org/
This is especially important in some countries because it can be required for goverment websites.
https://www.digitaltrustcenter.nl/nieuws/securitytxt-verplicht-voor-overheid
Problem: no way to manually put a security.txt the .well-known webfolder.
Possible solution: If you place a security.txt file in your Mendix /resources folder it should be automatically placed in the correct webfolder (.well-known) on deployment
We are working for a Dutch gov customer as well and were looking for a solution to this issue and so found this Idea. I wanted to comment that it is possible to do this manual as well.
Steps:
- go to App Directory
- create in ./theme/web folder a new /.well-known/ folder and add your security.txt file there
- commit your change in modeler, deploy new package to environment
- on Mendix Cloud under Environments go to Network tab. Change the access restriction for the folder. Set under Path based access restriction - the folder to be allowed to be accessed
Tested this to work on Mx Cloud with Mx8.