Merge pull request #2025 from GSA/notify-compliance-52

investigate security.txt

app/.well-known/security.txt

@@ -0,0 +1,2 @@
+Contact: mailto:notify-support@gsa.gov
+Expires: 2035-10-15T23:59:59Z

app/main/views/security_policy.py

@@ -1,4 +1,4 @@
-from flask import redirect
+from flask import send_from_directory
 
 from app.main import main
 
@@ -6,6 +6,4 @@ from app.main import main
 @main.route("/.well-known/security.txt", methods=["GET"])
 @main.route("/security.txt", methods=["GET"])
 def security_policy():
-    # See GDS Way security policy which this implements
-    # https://gds-way.cloudapps.digital/standards/vulnerability-disclosure.html#vulnerability-disclosure-and-security-txt
-    return redirect("https://vdp.cabinetoffice.gov.uk/.well-known/security.txt")
+    return send_from_directory(".well-known", "security.txt")

tests/app/main/views/test_security_policy.py

@@ -11,6 +11,6 @@ import pytest
 def test_security_policy_redirects_to_policy(client_request, url):
     client_request.get_url(
         url,
-        _expected_status=302,
-        _expected_redirect="https://vdp.cabinetoffice.gov.uk/.well-known/security.txt",
+        _test_page_title=False,
+        _expected_status=200,
     )