From next year all of our customers are OBLIGATED by LAW to host a security.txt file in the .well-known folder. If support isn't added, we have no other choice than to leave Webflow.
This came out 5 days ago: https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
Noting that /.well-known/security.txt is where a VDP is usually published:
Failing to Publish a Vulnerability Disclosure Policy
For products used in service of critical infrastructure or NCFs, not having a published vulnerability disclosure policy (VDP) that includes the product in its scope is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety.
Recommended actions:
Software manufacturers should publish a VDP that:
Authorizes testing by members of the public on products offered by the manufacturer;
Commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP,
Provides a clear channel to report vulnerabilities; and
Allows for public disclosure of vulnerabilities in line with coordinated vulnerability disclosure (CVD) best practices and international standards.
Software manufacturers should remediate all valid reported vulnerabilities in a timely and risk-prioritized manner.
Resources: CISA Secure by Design Pledge (Vulnerability Disclosure Policy), SSDF RV.1.3, ISO 29147.
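The file this post is asking to host has a defined format (RFC 9116), and the practical question for anyone who ends up hosting one is whether it is served where scanners look (over HTTPS at /.well-known/security.txt) and whether the required fields are present and sane. The following checker is an added example for this thread, not code from the original post or from Webflow; the example.org URLs, the two sample security.txt bodies and the fixed clock value are constructed for illustration.

```python
"""Offline checker for a security.txt body (RFC 9116), run over constructed samples."""
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/security.txt"

# Fixed "now" so the checks are deterministic (constructed for the example).
FIXED_NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)


def parse_security_txt(text):
    """Return a list of (field, value) pairs, skipping blank lines and '#' comments.
    Field names are case-insensitive in RFC 9116, so they are lower-cased here.
    Lines without a 'Field: value' shape are kept under the pseudo-field '_malformed'."""
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            fields.append(("_malformed", line))
            continue
        name, value = line.split(":", 1)
        fields.append((name.strip().lower(), value.strip()))
    return fields


def validate_security_txt(text, served_url, now=None):
    """Check a security.txt body against the RFC 9116 rules a scanner cares about.
    served_url is the URL the file was fetched from (needed for the path and
    Canonical checks). Returns a list of problems; an empty list means it passed."""
    now = now or datetime.now(timezone.utc)
    problems = []

    parts = urlsplit(served_url)
    if parts.scheme != "https":
        problems.append("must be served over HTTPS")
    if parts.path != WELL_KNOWN_PATH:
        problems.append(f"must be served at {WELL_KNOWN_PATH}, not {parts.path}")

    by_name = {}
    for name, value in parse_security_txt(text):
        by_name.setdefault(name, []).append(value)

    for bad in by_name.get("_malformed", []):
        problems.append(f"malformed line (no 'Field: value'): {bad!r}")

    # Contact: required at least once; each value must be a mailto:, tel: or https: URI.
    contacts = by_name.get("contact", [])
    if not contacts:
        problems.append("Contact field is required")
    for c in contacts:
        if not re.match(r"^(mailto:|tel:|https://)", c, re.IGNORECASE):
            problems.append(f"Contact must be a mailto:, tel: or https: URI: {c!r}")

    # Expires: required exactly once, ISO 8601 date-time with offset, in the future;
    # the RFC recommends a value less than a year away.
    expires = by_name.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires field must appear exactly once")
    else:
        try:
            exp = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if exp.tzinfo is None:
                problems.append("Expires must carry a timezone offset")
            elif exp <= now:
                problems.append(f"security.txt expired at {expires[0]}")
            elif exp > now + timedelta(days=365):
                problems.append("Expires is more than a year out (RFC 9116 recommends less)")
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 date-time: {expires[0]!r}")

    # Preferred-Languages: at most once.
    if len(by_name.get("preferred-languages", [])) > 1:
        problems.append("Preferred-Languages must not appear more than once")

    # Canonical: if present, must be https: URIs and should include the served URL.
    canonical = by_name.get("canonical", [])
    if canonical and served_url not in canonical:
        problems.append("Canonical URIs do not include the URL this file was served from")
    for uri in canonical:
        if not uri.startswith("https://"):
            problems.append(f"Canonical must be an https: URI: {uri!r}")

    return problems


# Constructed sample that should pass every check.
GOOD_SECURITY_TXT = """\
# Constructed sample for example.org (not a real deployment)
Contact: mailto:security@example.org
Contact: https://example.org/security/report
Expires: 2025-12-31T23:59:59Z
Canonical: https://example.org/.well-known/security.txt
Preferred-Languages: en, nl
Policy: https://example.org/security/vdp
"""

# Constructed sample with the mistakes seen most often: bare e-mail address,
# plain-HTTP canonical URL, and an Expires date already in the past.
BAD_SECURITY_TXT = """\
Contact: security@example.org
Canonical: http://example.org/security.txt
Expires: 2020-01-01T00:00:00Z
"""

if __name__ == "__main__":
    for body, url in ((GOOD_SECURITY_TXT, "https://example.org/.well-known/security.txt"),
                      (BAD_SECURITY_TXT, "http://example.org/security.txt")):
        found = validate_security_txt(body, url, now=FIXED_NOW)
        print(url, "->", "OK" if not found else "; ".join(found))
```

In a real deployment you would fetch the body with an HTTP client and pass the final URL after redirects as served_url, and also confirm the response is text/plain; the checker deliberately keeps the path and scheme checks separate from the field checks so a file that is well-formed but published at the site root (a common result of not being able to write into .well-known) is still reported.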
Apple is requiring that we host a JSON file here <https://yourdomain.com/.well-known/com.apple.remotemanagement>. Is there any update on the ability to host custom files such as this through Webflow?
Specifically, this requirement is to allow BYOD Apple iOS phones/devices to separate work and personal data (it's step 4 here <https://support.google.com/a/answer/14011560>).
Any updates? In today's security landscape, this is crucial.
Is it possible to make an interface to upload and/or edit content in .well-known?