Commit graph

2 commits

Author SHA1 Message Date
ffa3fbe1f9 checker: validate security.txt is a real RFC 9116 file
The http.security_txt rule reported OK for any 200 response with a
non-empty body, so a soft-404 (status 200 + HTML body) served for
/.well-known/security.txt was misread as "published".

Capture the response Content-Type and count the RFC 9116 required
fields (Contact, Expires) in the body. OK now requires text/plain with
at least one Contact and exactly one Expires; a non-conforming 200
yields a new Warn http.security_txt.invalid explaining the defect.
Redirects are still followed and the final response is validated, per
RFC 9116 §3.
2026-06-14 18:14:00 +09:00
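The classification the commit message describes, as an added stand-alone example that is not the checker's own code: a 200 with a non-empty body is no longer enough; the final response must carry a text/plain Content-Type and its body must contain at least one Contact field and exactly one Expires field, with anything else on a 200 reported as the new Warn. The Response dataclass, the verdict strings and the sample responses (including the soft-404 HTML page from the first paragraph) are constructed for this example.

```python
"""Classify a fetched /.well-known/security.txt response per RFC 9116.

Constructed example for the rule described in the commit message; the
Response type, verdict strings and sample inputs are assumptions, not the
project's code.
"""
from dataclasses import dataclass
import re

OK = "OK"
WARN_INVALID = "Warn http.security_txt.invalid"
NOT_PUBLISHED = "not published"


@dataclass
class Response:
    """Final response after redirects have been followed (hypothetical type)."""
    status: int
    content_type: str  # raw Content-Type header value, "" if absent
    body: str


# RFC 9116 fields are "Name: value" lines; names are case-insensitive.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")


def media_type(content_type: str) -> str:
    """Bare media type, lower-cased, with parameters such as charset dropped."""
    return content_type.split(";", 1)[0].strip().lower()


def parse_fields(body: str) -> dict[str, list[str]]:
    """Collect field values keyed by lower-cased field name.

    Blank lines and '#' comments are skipped. In a PGP clear-signed file the
    armor header 'Hash: SHA256' also matches FIELD_RE and is recorded under
    'hash'; that is harmless because only contact/expires are counted.
    """
    fields: dict[str, list[str]] = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return fields


def classify(resp: Response) -> tuple[str, str]:
    """Return (verdict, reason) for the final security.txt response."""
    if resp.status != 200 or not resp.body.strip():
        return NOT_PUBLISHED, f"status {resp.status}, body {len(resp.body)} bytes"
    if media_type(resp.content_type) != "text/plain":
        return WARN_INVALID, f"Content-Type {resp.content_type!r}, expected text/plain"
    fields = parse_fields(resp.body)
    contacts = len(fields.get("contact", []))
    expires = len(fields.get("expires", []))
    problems = []
    if contacts < 1:
        problems.append("no Contact field")
    if expires != 1:
        problems.append(f"{expires} Expires fields, exactly one required")
    if problems:
        return WARN_INVALID, "; ".join(problems)
    return OK, f"{contacts} Contact, 1 Expires"


# Constructed sample responses.
SOFT_404 = Response(200, "text/html; charset=utf-8",
                    "<html><body><h1>Page not found</h1></body></html>")
VALID = Response(200, "text/plain; charset=utf-8",
                 "# Constructed security.txt\n"
                 "Contact: mailto:security@example.com\n"
                 "Contact: https://example.com/security\n"
                 "Expires: 2027-01-01T00:00:00.000Z\n"
                 "Preferred-Languages: en\n")
MISSING_EXPIRES = Response(200, "text/plain",
                           "Contact: mailto:security@example.com\n")
REAL_404 = Response(404, "text/plain", "Not Found")

if __name__ == "__main__":
    for name, resp in [("soft-404", SOFT_404), ("valid", VALID),
                       ("missing Expires", MISSING_EXPIRES), ("404", REAL_404)]:
        verdict, reason = classify(resp)
        print(f"{name:16} -> {verdict}: {reason}")
```

The soft-404 now fails on Content-Type before the body is even parsed, and a text/plain body that omits Expires or repeats it gets the same Warn with the defect spelled out; only a non-200 or empty body still counts as not published.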
542ebdea34 Initial commit 2026-04-28 18:42:11 +07:00