protecting routes /Post #5
Comments
There are two things here in play:

Thanks for your reply @diejmon! I am not sure how HTTPS would solve the problem. I have the script live using HTTPS (Nginx reverse proxy). I solved the static asset issue with Nginx and also the form Post but having to determine which IP can post is a mess ;)

Sorry @diejmon some confusion from my part :)
Will see if I can fix and upgrade the http basic auth library. Of course any update you can do to the code is much welcome (I don't think that post endpoints are useful without authentication. Even if used for an API then everyone can post..).

This is again not an issue just a request for clarification and/or a feature request :)
I am using ExpressSwift for a traditional CMS so we have an admin area where the admin can add/delete/edit pages.
So I faced two issues: one is protecting the routes and the second is limiting post requests to a certain user (or IP).
My workaround is not very elegant: I couldn't find a way to get basic auth to work with Swift (e.g. https://github.com/jjb3rd/HttpBasicAuth this does not work).
So what I did is protect the admin pages with pagecrypt. This doesn't solve the problem that if someone knows the "POST" route they can simply bypass all the protections. So as another not so elegant workaround I am restricting any post (on NGINX) to the admin IP.
In short: is there a way to protect routes e.g. with httpbasic auth or something similar?
Thanks!
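
One way to get HTTP basic auth in front of the routes at the Nginx reverse proxy mentioned in this thread, as an added example that is not part of the original issue or the ExpressSwift project. The upstream address, the `/admin/` prefix, the server name and the file paths are assumptions.

```nginx
# Added example. Assumed values: upstream address, /admin/ prefix,
# server name, certificate paths and htpasswd path.
upstream expressswift_app {
    # Assumed: the Swift app listens on loopback only, so it cannot be
    # reached without passing through this proxy.
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name cms.example.test;                  # placeholder
    ssl_certificate     /etc/nginx/tls/cms.crt;    # placeholder
    ssl_certificate_key /etc/nginx/tls/cms.key;    # placeholder

    # Admin pages: every method requires credentials.
    location /admin/ {
        auth_basic           "CMS admin";
        auth_basic_user_file /etc/nginx/cms.htpasswd;
        proxy_pass http://expressswift_app;
    }

    # Public pages: reads stay open; any other method (POST, PUT,
    # DELETE, ...) requires the same credentials, so knowing a POST
    # route is not enough to use it.
    location / {
        limit_except GET HEAD {
            auth_basic           "CMS admin";
            auth_basic_user_file /etc/nginx/cms.htpasswd;
        }
        proxy_pass http://expressswift_app;
    }
}
```

This replaces the per-IP restriction on POST with a per-user check; the password file can be created with the `htpasswd` utility.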