Toptip - what is .well-known folder
Within your ~/public folder, you may come across a directory named ".well-known." This directory is frequently employed in web-based protocols to retrieve "site-wide metadata" related to a host before initiating a request. It's important to note that the absence of this folder doesn't necessarily indicate an issue; it simply means it hasn't been utilized or generated yet.
Here are some examples of what you might find in the ".well-known" directory:
- .well-known/security.txt: Contains information about a website's security policies and contact information for security researchers.
Please read some helpful blogs on this topic.
https://www.gulla.net/en/blog/security.txt
https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core -
.well-known/apple-app-site-association (AASA): Used for associating iOS apps with websites, enabling features like Universal Links. This file doesn't have an extension.
- .well-known/assetlinks.json: Used in the context of Android App Links. Android App Links are a way to associate a website with a specific Android app, allowing the app to open when certain links are clicked, even if the app is not currently installed on the device.
Jan 15, 2024
I'll be honest it wasn't very clear to me that the link on security.txt was a link to another blog post that covered it in more detail, can you make that clearer.
Also (and I mentioned this on Tomas's blog) it might be worth a link to as well to https://optimizely.blog/2023/03/easy-implementation-of-security.txt-with-minimal-api-.net-core too as there's some more code exmples and explanation on the security.txt
Thanks for the feedback, I have updated the contents.
Super, great work :-)