Internet.nl
Internet.nl copied to clipboard
Add RFC9116 security.txt check
- [x] ~~Currently fails as STATUS_FAIL, maybe this should be a lighter one like notice or info?~~ Explore using INFO for recommendations, WARN for others.
- [ ] The sectxt library is not yet publicly available so this will not build in CI and can not be deployed.
- [ ] Content TBD in https://github.com/internetstandards/Internet.nl_content/pull/23
- [ ] The text in the tech table is directly from the library and can use a bit of style improvement (PR created)
- [x] Would be nice to have some domains that have broken security.txt files. If we don't know of any, I can just make one.
- [x] Some of the naming in the code feels clunky and might need another look.
- ~~Look into making tech table translatable?~~
- [ ] ~~We currently do not have a consistency check between different hosts (including v4/v6)~~ -> out of scope for now, new issue
- [x] Raise file size limit to 100KB
- [x] Make sure we verify content-type and encoding upon retrieval
- [x] Accept missing charset, i.e. only text/plain for content-type
- [x] Look into recognition of 301/302 redirects for false text/html detection
- [x] Remove canonical check for now
- [x] Be resilient for invalid utf-8 characters
- [x] Test against some of https://findsecuritycontacts.com/
- [x] Move to a separate subsection
- [ ] Show which domain we retrieved the final security.txt?