What is actually .well-known folder?

If you built a website, you have already seen .well-known path but I claim that you do not know what it is and why it is there. 🙂

When you setup a website on cpanel or pleks and then access to file system of the website, there is a folder or path that is called .well-known.

We are familiar with the name but most of us don’t care what it is actually.

What is .well-known folder?

.well-known folder or path name is about giving reference to your website or app from other services. To illustrate, when you visit password manager inside chrome browser for a specific website and click to change password, it redirects you to website’s .well-known/change-password page. If the website that you want to change your password is already handled, you will be automatically redirected to website’s password change page. If not, as a user you will be disappointed.

How should we handle .well-know/change-password route?

There are actually 2 ways to handle this.

Redirecting the path to desired page

Assume that we have auth/forget-password page that enables user to change their password on our app. We just need to set our server to redirect requests from .well-known/change-password path to auth/forget-password page.

Redirecting via giving a response with 302, 303 or 307 status code can be accepted.

302 Status Code – Found

303 Status Code – See Other

307 Status Code – Temporary Redirect

Serving via HTML

You can simply add this meta tag in html file that is located .well-known/change-password path, the route will redirect users to desired page.

<meta http-equiv="refresh" content="0;url=https://example.com/auth/forget-password">

The .well-known/change-password practice is accepted by nearly entire web world. You can improve user experience on your web apps so that real users can access password change page properly from redirecting password managers or browsers to your app.

How do we test .well-known/change password function?

Simply copy and paste this chrome://settings/passwords/ URL in your chrome browser. And then click to change password button in right-hand side of any saved password. The button will redirect user to website’s password change page. (of course if it is already setup 🙂 )

Furthermore, there are lots of .well-known folder practices and you can check them out here as we add step by step.

We list important but not known technical updates here in our software world updates page. You can follow new improvements and updates in software world.