Merged idea

This idea has been merged into another idea. To comment or vote on this idea, please visit WEBFLOW-I-6576 Add support for custom .well-known files.

Allow hosting files at /.well-known Merged

  • Ruud van Asseldonk
  • Aug 11 2023
  • Shipped
  • Utkarsh Sengar commented
    12 Dec 06:54
  • Jack Crane commented
    11 Nov 20:31

    Apple is requiring that we host a JSON file here <https://yourdomain.com/.well-known/com.apple.remotemanagement>, is there any update on the ability to host custom files such as this through Webflow?

    Specifically this requirement is to allow BYOD Apple iOS phones/devices to separate work and personal data (it's step 4 here <https://support.google.com/a/answer/14011560>).

  • Wessel Vleij commented
    31 Oct 14:05

    From next year all of our customers are OBLIGATED by LAW to host a security.txt file in the .well-known folder. If support isn't added we have no other choice then to leave Webflow.

  • Vaughan Shanks commented
    22 Oct 09:25

    This came out 5 days ago: https://www.cisa.gov/resources-tools/resources/product-security-bad-practices

    Noting that /.well-known/security.txt is where a VDP is usually published:

    Failing to Publish a Vulnerability Disclosure Policy

    For products used in service of critical infrastructure or NCFs, not having a published vulnerability disclosure policy (VDP) that includes the product in its scope is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety.

    Recommended actions:

    • Software manufacturers should publish a VDP that:

    • Authorizes testing by members of the public on products offered by the manufacturer;

    • Commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP,

    • Provides a clear channel to report vulnerabilities; and

    • Allows for public disclosure of vulnerabilities in line with coordinated vulnerability disclosure (CVD) best practices and international standards.

    • Software manufacturers should remediate all valid reported vulnerabilities in a timely and risk-prioritized manner.

    Resources: CISA Secure by Design Pledge (Vulnerability Disclosure Policy), SSDF RV.1.3, ISO 29147.

  • Mirco Knecht commented
    20 Aug 04:36

    Any updates? In today's security landscape, this is crucial.

  • Vebjørn Slyngstadli commented
    November 06, 2023 18:08

    Is it posible to make an interface to upload and/edit content in .well-known?