feat: security.txt

src/CloudfrontStack.ts

@@ -94,16 +94,18 @@ export class CloudfrontStack extends Stack {
   private addStaticResources(cloudfrontDistribution: Distribution) {
     const staticResourcesBucket = this.staticResourcesBucket();
     const originAccessIdentity = new OriginAccessIdentity(this, 'publicresourcesbucket-oia');
+
+    const origin = new S3Origin(staticResourcesBucket, {
+      originAccessIdentity: originAccessIdentity,
+    });
+
     this.allowOriginAccessIdentityAccessToBucket(originAccessIdentity, staticResourcesBucket);
-    cloudfrontDistribution.addBehavior(
-      '/static/*',
-      new S3Origin(staticResourcesBucket, {
-        originAccessIdentity: originAccessIdentity,
-      }),
-      {
-        viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-      },
-    );
+    cloudfrontDistribution.addBehavior('/static/*', origin, {
+      viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+    });
+    cloudfrontDistribution.addBehavior('/.well-known/*', origin,{
+      viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+    });
     this.deployBucket(staticResourcesBucket, cloudfrontDistribution);
   }
 
@@ -317,7 +319,7 @@ export class CloudfrontStack extends Stack {
       sources: [aws_s3_deployment.Source.asset('./src/app/static-resources/')],
       destinationBucket: bucket,
       distribution: distribution,
-      distributionPaths: ['/static/*'],
+      distributionPaths: ['/static/*', '/.well-known/'],
     });
   }
 }

src/app/static-resources/.well-known/security.txt

@@ -0,0 +1,7 @@
+Contact: https://www.nijmegen.nl/diensten/privacy/beveiligings-of-datalek-melden/
+Expires: 2023-12-31T22:59:00.000Z
+Encryption: https://app4.nijmegen.nl/pgp-key.txt
+Acknowledgments: https://www.nijmegen.nl/diensten/privacy/beveiligings-of-datalek-melden/
+Preferred-Languages: NL
+Canonical: https://yivi.nijmegen.nl/.well-known/security.txt
+Policy: https://www.nijmegen.nl/diensten/privacy/beveiligings-of-datalek-melden/