Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

How to host ".well-known/apple-developer-merchantid-domain-association" on CMS


I have a request from one of our stakeholders to host a fund-raising components in our CMS instance.  As part of that request, they want to enable Apple Pay but we need to be able to host a file to verify web site ownership at ".well-known/apple-developer-merchantid-domain-association".  I'm guessing that the ".well-known" path is special and although I created a folder for it with the verification file, our site just returns a 404.

I may be missing something really obvious here so I was wondering if there were any suggestions on how to properly host this file in EPi CMS.  Thanks.

Sep 11, 2020 20:11

Hi Jonathan

The easiest way is to add the file as a static file to the .well-known folder (which you also need to create). The content of the file rarely change.

Is the file deployed with your web site? You may need to verify that the file is added as a Content file, not a None, file in the csproj file in Visual Studio.

If you do want to manage it from the CMS, then you can add a custom MVC route to a controller and deliver the text content.

Sep 12, 2020 10:44

Hi Jonathan

I just dug up a small but significant piece of configuration from the archives.

Put the following in a new web.config file in the .well-known folder. Basically it turns off MVC's extensionless file handling.

<?xml version="1.0"?>
      <mimeMap fileExtension="." mimeType="text/plain" />
      <clear />
      <add name="StaticFile" path="*" verb="*" type="" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" scriptProcessor="" resourceType="Either" requireAccess="Read" allowPathInfo="false" preCondition="" responseBufferLimit="4194304" />

Let me know how it works out for you.

Sep 12, 2020 18:11

Thank you Stefan.  I ended up using a page type, controller, and simple address to handle this and so far it's working as hoped.

Edited, Sep 14, 2020 14:50
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.