WKD new online-checker and suggestion for the WKD spec

[Frank Guthausen]

On Wed, 19 Feb 2025 16:59:33 +0100
Bernhard Reiter via Gnupg-users <gnupg-users at gnupg.org> wrote:
> 
>   https://webkeydirectory.com
> 
> [...]
> the SHOULD content-type is indicated in red, but I've also learned
> that my policy file had a defect. So it is useful. :)
> 
> [...]
> 
> the checker also recommends to set
>   The Access-Control-Allow-Origin: * header is needed to allow
> OpenPGP clients to fetch the policy from a different domain,
> bypassing CORS restrictions.

This is indeed a nice tool which helps fine tuning the configuration and
debugging errors. Three resolved issues (and one open but understood) in
less than four weeks

 make the admin smile
 at least a little while

and are a reasonably good count. For user only (non-root) permission
environments, e.g. webspace but not server contracts, I figured out the
following htaccess lines to be helpful for apache web server:

---->
Header          add Access-Control-Allow-Origin "*"
ForceType       application/octet-stream
<----

In server environments with root permission to edit the main
configuration of a vhost it might be good advice to restrict
those to a path (and ifmodule mod_mime.c) dependent substructure.

I improved both kinds of situation to a
full green output and learned a few things.
-- 
kind regards
Frank
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250317/abd22b7e/attachment.sig>