This is the worker that serves security.txt on several of my (@diecknet) websites.
From https://securitytxt.org:

> When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.

This repository provides a simple solution to deliver a security.txt
file using Cloudflare Workers. It is a fork of cloudflare/securitytxt-worker.
- use a static version of `security.txt`
- added 'Deploy with Workers' button and instructions
- removed `MAKE` commands and `expires.js`, that I didn't need
- removed Cloudflare PGP key

You can find a generator on https://securitytxt.org/.
Wait for the deployment to finish. You can find the URL of your deployment in your Cloudflare Workers dashboard.
Navigate to your domain in the Cloudflare dashboard, then to 'Workers'. Add desired routes. I added both of these:
Route | Worker |
---|---|
*example.com/security.txt | securitytxt-worker |
*example.com/.well-known/security.txt | securitytxt-worker |
Replace 'example.com' with your domain.
If you don't want to include all subdomains, remove the leading `*` asterisk before the domain.
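
The two routes in the table, sketched as a minimal Worker that serves a static file (an added example, not this repository's code). The sample file contents, the helper names `parseFields`, `validate` and `respond`, and the 404/405 handling are assumptions; `validate` checks the Contact and Expires fields that RFC 9116 requires, which matters for a static file because its Expires date eventually passes.

```javascript
// Added example, not this repository's code. SECURITY_TXT is a constructed sample.
const SECURITY_TXT = [
  'Contact: mailto:security@example.com',
  'Expires: 2030-01-01T00:00:00.000Z',
  'Canonical: https://example.com/.well-known/security.txt',
  '',
].join('\n');

// The two locations that the routes in the table send to the Worker.
const PATHS = new Set(['/security.txt', '/.well-known/security.txt']);

// Collect "Field: value" lines, skipping blank lines and "#" comments.
function parseFields(text) {
  const fields = Object.create(null);
  for (const line of text.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (line.startsWith('#') || i < 1) continue;
    const name = line.slice(0, i).trim().toLowerCase();
    (fields[name] = fields[name] || []).push(line.slice(i + 1).trim());
  }
  return fields;
}

// RFC 9116: Contact is required; Expires is required exactly once and must lie in the future.
function validate(text, now = new Date()) {
  const f = parseFields(text);
  const problems = [];
  if (!f.contact) problems.push('missing Contact');
  if (!f.expires) problems.push('missing Expires');
  else if (f.expires.length > 1) problems.push('multiple Expires');
  else if (!(Date.parse(f.expires[0]) > now.getTime())) problems.push('Expires unparseable or in the past');
  return problems;
}

// Pure routing decision, testable without a Workers runtime.
function respond(method, pathname, text = SECURITY_TXT) {
  if (!PATHS.has(pathname)) return { status: 404, headers: {}, body: 'Not found' };
  if (method !== 'GET' && method !== 'HEAD') return { status: 405, headers: { Allow: 'GET, HEAD' }, body: '' };
  const headers = { 'Content-Type': 'text/plain; charset=utf-8' };
  return { status: 200, headers, body: method === 'HEAD' ? '' : text };
}

// Service Worker style entry point; registered only where the runtime provides it.
if (typeof addEventListener === 'function' && typeof Response === 'function') {
  addEventListener('fetch', (event) => {
    const r = respond(event.request.method, new URL(event.request.url).pathname);
    event.respondWith(new Response(r.body, { status: r.status, headers: r.headers }));
  });
}
```

Calling `validate` on the file in CI before each deploy catches a missing Contact line or a lapsed Expires date before researchers see it.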
Usually the 'Deploy with Workers' process should guide you through setting up these secrets. If you need to manually add the secrets to your GitHub Repository, you might find this info useful:
Secret name | Secret value | Note |
---|---|---|
CF_ACCOUNT_ID | Your Cloudflare Account ID | You can find it in the Workers Dashboard |
CF_API_TOKEN | Your Cloudflare API Token | You can generate one under 'My profile' -> 'API Tokens'. You can use the template 'Edit Cloudflare Workers' |