Is it OK to add site verification files to public source control?

About

Asked 29/4, 2014 at 15:18 Answered 30/4, 2014 at 1:29

Solved security version-control google-search-console bing-webmaster-tools

When submitting my website to Google and Bing they require I verify it by (for example) uploading a file.

This file, if I have understood, should not be removed because they recheck it regularly and removing it would mean I'd lose access and need to verify it again.

Given that the source of this website is available publicly on GitHub, is it safe/ok add these verification files to source control? Or would that add a risk of some sort?

Basrhin answered 29/4, 2014 at 15:18 Comment(0)

Since the verification file is within the web servers root structure, and Google needs to access it to read its contents - Technically anyone could read it if they wanted by going to http://mysite.example.com/verification.html.

With that in mind, I wouldn't add it to the github repository as it isn't something anyone would need to either clone the repository and create their own version, or fork and create change requests. It doesn't have any value to anyone other than you.

Engross answered 30/4, 2014 at 1:29 Comment(2)

Very good point that it's not useful when cloning to create a separate version. Having those files checked in would actually add an annoyance since they would probably have to replace them with their own versions. Good points! – Basrhin 30/4, 2014 at 11:12

If you don't add it to the repo, how do you ensure the page is available when you deploy? I am pushing a repo to heroku but if I ignore the html file, I still need the single resource declared in the routes and controller so it seems like no matter what the verification is in the repo – Neogaea 2/12, 2015 at 4:56

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags