zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-06-09 22:14:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add requirements view

Browse source
This commit is contained in:
igorkorenfeld 2022-11-08 17:02:49 -05:00
parent a946a5e629
commit fe6aa96a02
No known key found for this signature in database
GPG key ID: 826947A4B867F659
2 changed files with 78 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/registrar/forms/application_wizard.py
View file

@ -135,6 +135,9 @@ class AnythingElseForm(forms.Form):
widget=forms.Textarea()
)
class RequirementsForm(forms.Form):
agree_check = forms.BooleanField(label="I read and agree to the .gov domain requirements.")
# List of forms in our wizard. Each entry is a tuple of a name and a form
# subclass
FORMS = [
@ -148,6 +151,7 @@ FORMS = [
("other_contacts", OtherContactsForm),
("security_email", SecurityEmailForm),
("anything_else", AnythingElseForm),
("requirements", RequirementsForm),
]
# Dict to match up the right template with the right step. Keys here must
@ -163,6 +167,7 @@ TEMPLATES = {
"other_contacts": "application_other_contacts.html",
"security_email": "application_security_email.html",
"anything_else": "application_anything_else.html",
"requirements": "application_requirements.html",
}
# We need to pass our page titles as context to the templates, indexed
@ -178,6 +183,7 @@ TITLES = {
"other_contacts": "Other contacts for your domain",
"security_email": "Security email for public use",
"anything_else": "Anything else we should know?",
"requirements": "Requirements for registration and operation of .gov domains",
}

72
src/registrar/templates/application_requirements.html Normal file
View file

@ -0,0 +1,72 @@
<!-- Test page -->
{% extends 'application_form.html' %}
{% load widget_tweaks %}
{% block form_content %}
<p>The .gov domain exists to support a broad diversity of government missions and public initiatives. Generally, the .gov registry does not review or audit how government organizations use their domains.</p>
<p>However, misuse of an individual .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
<h2>Prohibited activities for .gov domains</h2>
<h3>Commercial purposes </h3>
<p>A .gov domain must not be used for commercial purposes, such as advertising benefitting private individuals or entities.</p>
<h3>Political campaigns</h3>
<p>A .gov domain must not be used for political campaigns.</p>
<h3>Illegal content</h3>
<p>A .gov domain must not be used to distribute or promote material whose distribution violates applicable law.</p>
<h3>Malicious cyber activity </h3>
<p>.gov is a trusted and safe space. .gov domains must not distribute malware, host open redirects, or otherwise engage in malicious cyber activity.</p>
<h2>Required activities for .gov domain registrants </h2>
<h3>Keep your contact information update</h3>
<p>As a .gov domain registrant, maintain current and accurate contact information in the .gov registrar. We strongly recommend that you create and use a security contact.</p>
<h3>Be responsive if we contact you</h3>
<p>Registrants should respond in a timely manner to communications about required and prohibited activities.</p>
<h2>Domains can be suspended or terminated for violations</h2>
<p>The .gov program may need to suspend or terminate a domain registration for violations. Registrants should respond in a timely manner to communications about prohibited activities.</p>
<p>When we discover a violation, we will make reasonable efforts to contact a registrant, including:
<ul class="usa-list">
<li>Emails to domain contacts </li>
<li>Phone calls to domain contacts</li>
<li>Email or phone call to the authorizing official</li>
<li>Email or phone call to the government organization, a parent organization, or affiliated entities</li>
</ul>
</p>
<p>We understand the critical importance of the availability of .gov domains. Suspending or terminating a .gov domain is reserved only for prolonged, unresolved serious violations where the registrant is non-responsive. We will make extensive efforts to contact registrants and to identify potential solutions, and will make reasonable accommodations for remediation timelines proportional to the severity of the issue.</p>
<h2>HSTS preloading</h2>
<p>The .gov program will preload all newly registered .gov domains for HTTP Strict Transport Security (HSTS).</p>
<p>HSTS is a simple and widely-supported standard that protects visitors by ensuring that their browsers always connect to a website over HTTPS. HSTS removes the need to redirect users from http:// to https:// URLs. (This redirection is a security risk that HSTS eliminates.)</p>
<p>HSTS preloading impacts web traffic only. Once a domain is on the HSTS preload list, modern web browsers will enforce HTTPS connections for all websites hosted on the .gov domain. Users will not be able to click through warnings to reach a site. Non-web uses of .gov (email, VPN, APIs, etc.) are not affected.</p>
<h2>Acknowledgement of .gov domain requirements</h2>
<form id="step__{{wizard.steps.current}}" class="usa-form usa-form--large" method="post">
<div class="usa-form-group">
{{ wizard.management_form }}
{% csrf_token %}
<div class="usa-checkbox">
{{ wizard.form.agree_check|add_class:"usa-checkbox__input"}}
{{ wizard.form.agree_check|add_label_class:"usa-checkbox__label" }}
</div>
</div>
{{ block.super }}
</form>
{% endblock %}