Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can one get github pages to serve dot files like RFC5785's /.well-known/?

Tags:

github-pages

hidden-files

rfc5785

security.txt

I've got a documentation website populated from the Github master branch for my documentation project.

I'd like https://mydomain/.well-known/security.txt to serve the file under tree/master/.well-known/security.txt per securitytxt.org which says

security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.

For websites, the security.txt file should be placed under the /.well-known/ path (/.well-known/security.txt) [RFC5785]. It can also be placed in the root directory (/security.txt) of a website, especially if the /.well-known/ directory cannot be used for technical reasons, or simply as a fallback.

The problem I'm seeing is that .well-known seems to be ignored by Github pages presumably because it's a hidden file per POSIX file conventions. Is this configurable?

I could use the fallback quoted above, but I'd rather follow the RFC5785 if possible.

For reference, the project I'm currently concerned about is https://github.com/temper-lang/docs and I expect the security.txt to show up at https://temperlang.dev/.well-known/security.txt but get a 404.

Below is a screenshot of my Github pages config:

Github pages config

like image 822
Mike Samuel Avatar asked Nov 04 '19 19:11

Mike Samuel

People also ask

How do GitHub Pages work?

GitHub Pages is a static site hosting service that takes HTML, CSS, and JavaScript files straight from a repository on GitHub, optionally runs the files through a build process, and publishes a website. You can see examples of GitHub Pages sites in the GitHub Pages examples collection.

How much traffic can GitHub Pages handle?

Published GitHub Pages sites may be no larger than 1 GB. GitHub Pages sites have a soft bandwidth limit of 100GB per month. GitHub Pages sites have a soft limit of 10 builds per hour.

What should we be careful of before deploying to GitHub Pages?

Even if the repository is private, the site is still publicly available on the internet — so the developer should always check for any sensitive data before deployment. Naturally, sending sensitive data (e.g. passwords or credit card information) is also unsafe.

1 Answers

It may not be a solution for you if your site is using Jekyll, but in my case I was able to enable serving of files beginning with a dot by creating a .nojekyll file in the root of the Github pages repository.

I found this by doing a few more searches on Stackoverflow. Credit to this answer.

like image 119
Mark Edington Avatar answered Oct 17 '22 01:10

Mark Edington
Sign in to Comment

Related questions

Travis CI kick off build on new tag
Baseurl behavior differs between localhost and github pages in Jekyll
Github pages - Disable custom domain redirection for all but a single site?
github project sub-directory redirects to custom domain
Trouble Linking External JavaScript with Jekyll
GitHub Organization Pages without named repository
Github pages, bootstrap css remotely: Failed to load resource: the server responded with a status of 404 (Not Found)
Service Worker not registering on gh-pages hosted website

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!