Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API: Allowed domains #72

Closed
jbrooksuk opened this issue Dec 15, 2014 · 2 comments
Closed

API: Allowed domains #72

jbrooksuk opened this issue Dec 15, 2014 · 2 comments
Labels
Enhancement Security Issues with security in Cachet
Milestone
V1.0.0

Comments

@jbrooksuk
Copy link
Member

For security we could allow the API to only be accessed from certain domains. This could simply be a textarea which you write domains on a new line and restricts requests based on the Origin and Referer headers.

Leaving it empty would open the API to anyone (with authentication).
@jbrooksuk jbrooksuk added Enhancement Security Issues with security in Cachet labels Dec 15, 2014
@ilikeprograms
Copy link
Contributor

Disallowed domains would also be a good idea aswell. So you can block based on the Origin/Referer.

jbrooksuk added a commit that referenced this issue Dec 18, 2014
@jbrooksuk
Part of #72, textareas in settings for API domains
e683e19
@jbrooksuk jbrooksuk modified the milestone: First Release (v1.0.0) Dec 20, 2014
@jbrooksuk
Copy link
Member Author

@ilikeprograms there doesn't seem to be a deny syntax like Access-Control-Allow-Origin, how do you propose blocking?

@TheoBearman TheoBearman mentioned this issue Feb 1, 2016
Closed
@tim-keller tim-keller mentioned this issue Apr 20, 2016
Closed
3 tasks
@karthik-22feb karthik-22feb mentioned this issue Aug 23, 2016
Closed
@efriel efriel mentioned this issue May 30, 2017
Closed
@bwalker-telstra bwalker-telstra mentioned this issue Jun 7, 2017
Closed
@MarcinOrlowski MarcinOrlowski mentioned this issue Sep 11, 2017
Closed
@raffus raffus mentioned this issue Mar 22, 2018
Closed
@danielmclements danielmclements mentioned this issue Mar 29, 2018
Closed
This was referenced Jun 22, 2018
Closed
Closed
@LordCheta LordCheta mentioned this issue Jul 4, 2018
Closed
@melvinlemoine melvinlemoine mentioned this issue Nov 23, 2018
Closed
@Joe-K2018 Joe-K2018 mentioned this issue Jan 15, 2019
Closed
@tychovbh tychovbh mentioned this issue May 27, 2019
Closed
@astrakid astrakid mentioned this issue Feb 17, 2020
Closed
@joschiservice joschiservice mentioned this issue May 29, 2020
Closed
@DarkShoro DarkShoro mentioned this issue Nov 27, 2020
Closed
@astrakid astrakid mentioned this issue Apr 27, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement Security Issues with security in Cachet
Projects
None yet
Milestone
V1.0.0
Development

No branches or pull requests
2 participants
@jbrooksuk @ilikeprograms