b46b5dfb2a
HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As such, it cannot be used to test if the client IP is allowed. The recommendation is to use HTTP Basic authentication to protect the metrics endpoint, or run Miniflux behind a trusted reverse-proxy. |
||
---|---|---|
.. | ||
client | ||
cookie | ||
request | ||
response | ||
route |