feat: Add warning and info messages for security.txt plugin configuration in security tuning documentation

Théophile Diot 2024-07-22 16:44:25 +01:00
parent e5434b93e9
commit 162e7a43e9
No known key found for this signature in database
GPG key ID: FA995104A0BA376A


@ -1428,6 +1428,9 @@ The Security.txt plugin allows you to easily create a `security.txt` file for yo
- **Customizable and User-Friendly Configuration:** Customize the `security.txt` file to include specific contact information and security policies, and manage it easily through a user-friendly web interface.
- **Compliance with Best Practices:** Align with industry best practices by implementing a `security.txt` file, demonstrating your commitment to security and fostering a collaborative security culture.
!!! warning "Settings required"
To enable the Security.txt plugin, you need to at least set the `SECURITYTXT_CONTACT` setting to a valid value to specify the contact information for reporting security vulnerabilities. If this setting is not configured, the `security.txt` file won't be served.
**List of settings**
| Setting | Default | Context | Multiple | Description |
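Review bot: the body of the `!!! warning "Settings required"` admonition sits flush with its title line; the MkDocs admonition syntax this page already uses needs the body indented by four spaces under the `!!!` line, otherwise the sentence renders as a plain paragraph instead of a warning box, and a blank line before `!!! warning` keeps it from being absorbed into the preceding bullet list. Minor wording: "you need to at least set the `SECURITYTXT_CONTACT` setting" reads better as "you need to set at least the `SECURITYTXT_CONTACT` setting", and it would help readers to say what counts as "a valid value" for that setting (the table row for `SECURITYTXT_CONTACT` is the natural place to cross-reference) so they know why the file is not served.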
@ -1443,3 +1446,7 @@ The Security.txt plugin allows you to easily create a `security.txt` file for yo
| `SECURITYTXT_POLICY` | | multisite | yes | Indicates a link to where the vulnerability disclosure policy is located. |
| `SECURITYTXT_HIRING` | | multisite | yes | Used for linking to the vendor's security-related job positions. |
| `SECURITYTXT_CSAF` | | multisite | yes | A link to the provider-metadata.json of your CSAF (Common Security Advisory Framework) provider. |
!!! info "Autogenerated values"
- The `SECURITYTXT_CANONICAL` setting is automatically generated from the site URL and the `SECURITYTXT_URI` setting (if the value is empty).
- The `SECURITYTXT_EXPIRES` setting is automatically generated to be the current date and time + 1 year if the value is empty.
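Review bot: the first bullet in the `!!! info "Autogenerated values"` block is ambiguous about which value "(if the value is empty)" refers to, `SECURITYTXT_CANONICAL` or `SECURITYTXT_URI`; suggest "When `SECURITYTXT_CANONICAL` is empty, it is generated from the site URL and the `SECURITYTXT_URI` setting", matching the phrasing of the second bullet. For `SECURITYTXT_EXPIRES`, the note should state when "the current date and time + 1 year" is computed (on each request, or once when the file is generated), since an expiry fixed at generation time will pass silently after a year and the file will then be stale for anyone checking it; a one-line pointer on how to set the value explicitly would close that gap. Same rendering point as the earlier hunk: the bullets under `!!! info` need the four-space indentation for the admonition to render.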