miniflux

History

Frédéric Guillot b46b5dfb2a Use r.RemoteAddr to check /metrics endpoint network access HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As such, it cannot be used to test if the client IP is allowed. The recommendation is to use HTTP Basic authentication to protect the metrics endpoint, or run Miniflux behind a trusted reverse-proxy.	2023-03-11 20:53:12 -08:00
..
httpd	Use r.RemoteAddr to check /metrics endpoint network access	2023-03-11 20:53:12 -08:00
scheduler	Fix some linter issues	2022-08-08 22:06:38 -07:00

Frédéric Guillot b46b5dfb2a Use r.RemoteAddr to check /metrics endpoint network access

HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As
such, it cannot be used to test if the client IP is allowed.

The recommendation is to use HTTP Basic authentication to protect the
metrics endpoint, or run Miniflux behind a trusted reverse-proxy.

2023-03-11 20:53:12 -08:00

httpd

Use r.RemoteAddr to check /metrics endpoint network access

2023-03-11 20:53:12 -08:00

scheduler

Fix some linter issues

2022-08-08 22:06:38 -07:00