investigate security.txt

app/.well-known/security.txt

@@ -0,0 +1,2 @@
+Contact: mailto:security@notify.gov
+Expires: 2025-10-15T23:59:59Z

app/main/views/security_policy.py

@@ -1,4 +1,4 @@
-from flask import redirect
+from flask import send_from_directory
 
 from app.main import main
 
@@ -6,6 +6,4 @@ from app.main import main
 @main.route("/.well-known/security.txt", methods=["GET"])
 @main.route("/security.txt", methods=["GET"])
 def security_policy():
-    # See GDS Way security policy which this implements
-    # https://gds-way.cloudapps.digital/standards/vulnerability-disclosure.html#vulnerability-disclosure-and-security-txt
-    return redirect("https://vdp.cabinetoffice.gov.uk/.well-known/security.txt")
+    return send_from_directory(".well-known", "security.txt")