From 14302a8a75b732a62c01dd182d3bbcc3beac6287 Mon Sep 17 00:00:00 2001
From: jaysu66 <su200531@qq.com>
Date: Fri, 10 Apr 2026 13:46:54 +0800
Subject: [PATCH 1/2] chore: add .well-known/security.txt

---
 .well-known/security.txt | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 .well-known/security.txt

diff --git a/.well-known/security.txt b/.well-known/security.txt
new file mode 100644
index 000000000..efdaad52e
--- /dev/null
+++ b/.well-known/security.txt
@@ -0,0 +1,4 @@
+Contact: mailto:security@databuddy.cc
+Policy: https://github.com/databuddy-analytics/Databuddy/blob/main/SECURITY.md
+Expires: 2027-04-10T00:00:00.000Z
+Preferred-Languages: en

From 4e921af8bcee3209bc8663f0d5ec7e953b652f12 Mon Sep 17 00:00:00 2001
From: jaysu66 <su200531@qq.com>
Date: Fri, 10 Apr 2026 14:27:46 +0800
Subject: [PATCH 2/2] chore: move security.txt to Next.js public dir and add
 Canonical field

Per reviewer feedback: file needs to be in apps/dashboard/public/.well-known/
to be served at https://databuddy.cc/.well-known/security.txt by Next.js.
Also adds RFC 9116 recommended Canonical field.
---
 {.well-known => apps/dashboard/public/.well-known}/security.txt | 1 +
 1 file changed, 1 insertion(+)
 rename {.well-known => apps/dashboard/public/.well-known}/security.txt (75%)

diff --git a/.well-known/security.txt b/apps/dashboard/public/.well-known/security.txt
similarity index 75%
rename from .well-known/security.txt
rename to apps/dashboard/public/.well-known/security.txt
index efdaad52e..5153c3996 100644
--- a/.well-known/security.txt
+++ b/apps/dashboard/public/.well-known/security.txt
@@ -1,4 +1,5 @@
 Contact: mailto:security@databuddy.cc
 Policy: https://github.com/databuddy-analytics/Databuddy/blob/main/SECURITY.md
+Canonical: https://databuddy.cc/.well-known/security.txt
 Expires: 2027-04-10T00:00:00.000Z
 Preferred-Languages: en