Merged idea

This idea has been merged into another idea. To comment or vote on this idea, please visit WEBFLOW-I-6576 Add support for custom .well-known files.

Allow hosting files at /.well-known Merged

This is required to make many standards work, e.g. security.txt.


See also https://discourse.webflow.com/t/upload-json-file-apple-app-site-association/144872 and https://twitter.com/securitytxt/status/1498305652195799040.

  • Ruud van Asseldonk
  • Aug 11 2023
  • Shipped
Data Management
  • Utkarsh Sengar commented
    December 12, 2024 06:54

    Webflow now supports all well known files: https://help.webflow.com/hc/en-us/articles/36293473743123-Upload-a-well-known-file

    Attachments Open full size
  • Jack Crane commented
    November 11, 2024 20:31

    Apple is requiring that we host a JSON file here <https://yourdomain.com/.well-known/com.apple.remotemanagement>, is there any update on the ability to host custom files such as this through Webflow?

    Specifically this requirement is to allow BYOD Apple iOS phones/devices to separate work and personal data (it's step 4 here <https://support.google.com/a/answer/14011560>).

    Attachments Open full size
  • Wessel Vleij commented
    October 31, 2024 14:05

    From next year all of our customers are OBLIGATED by LAW to host a security.txt file in the .well-known folder. If support isn't added we have no other choice then to leave Webflow.

    Attachments Open full size
  • Vaughan Shanks commented
    October 22, 2024 09:25

    This came out 5 days ago: https://www.cisa.gov/resources-tools/resources/product-security-bad-practices

    Noting that /.well-known/security.txt is where a VDP is usually published:

    Failing to Publish a Vulnerability Disclosure Policy

    For products used in service of critical infrastructure or NCFs, not having a published vulnerability disclosure policy (VDP) that includes the product in its scope is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety.

    Recommended actions:

    • Software manufacturers should publish a VDP that:

    • Authorizes testing by members of the public on products offered by the manufacturer;

    • Commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP,

    • Provides a clear channel to report vulnerabilities; and

    • Allows for public disclosure of vulnerabilities in line with coordinated vulnerability disclosure (CVD) best practices and international standards.

    • Software manufacturers should remediate all valid reported vulnerabilities in a timely and risk-prioritized manner.

    Resources: CISA Secure by Design Pledge (Vulnerability Disclosure Policy), SSDF RV.1.3, ISO 29147.

    Attachments Open full size
  • Mirco Knecht commented
    August 20, 2024 04:36

    Any updates? In today's security landscape, this is crucial.

    Attachments Open full size
  • Vebjørn Slyngstadli commented
    November 06, 2023 18:08

    Is it posible to make an interface to upload and/edit content in .well-known?

    Attachments Open full size

Related ideas