new recommended default: proxy allowed from localhost #989

Merged
slingamn merged 2 commits into ergochat:master from slingamn:proxy_allowed_localhost
May 7, 2020

@slingamn slingamn (Member) commented May 6, 2020

This is a pain point for websockets. Hard to see how it could cause any problems.

@slingamn slingamn added this to the v2.1 milestone May 6, 2020
@DanielOaks (Member) commented

Yeah this... makes sense. I'm always a bit paranoid about changes like this, but realistically the only way this could be 'exploited' is if someone is already on the same machine and can open connections, which is already a weird setup to have. In that sort of setup (like the tilde.* stuff), this would only give peeps the ability to give themselves weird fake hostnames anyway which'd be sniffed out right away.

I feel like this is fine. Buuuut maybe we should add a warn/info line to startup that says something along the lines of:

Proxying allowed from localhost

for specifically the case where localhost is allowed as is done here, to notify admins that happen to miss this config section.

@slingamn slingamn merged commit c426cc8 into ergochat:master May 7, 2020
@slingamn slingamn deleted the proxy_allowed_localhost branch August 7, 2020 05:08
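
The startup notice suggested in the thread, sketched as an added example (not code from this pull request or from the project). It goes slightly beyond the literal `localhost` case by also flagging broad CIDRs that implicitly include loopback. The function names and the entry syntax (the keyword `localhost`, a bare IP, or a CIDR) are assumptions, and unix-socket listeners are not covered.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)
// Loopback ranges; an allow-list entry overlapping either admits local processes.
var loopbackNets = []netip.Prefix{
	netip.MustParsePrefix("127.0.0.0/8"),
	netip.MustParsePrefix("::1/128"),
}
// coversLoopback reports whether one entry admits a loopback source address.
func coversLoopback(entry string) (bool, error) {
	entry = strings.TrimSpace(entry)
	if strings.EqualFold(entry, "localhost") {
		return true, nil
	}
	prefix, err := netip.ParsePrefix(entry)
	if err != nil { // not a CIDR: try a bare address as a full-length prefix
		addr, aerr := netip.ParseAddr(entry)
		if aerr != nil {
			return false, fmt.Errorf("invalid allow-list entry %q", entry)
		}
		prefix = netip.PrefixFrom(addr, addr.BitLen())
	}
	return prefix.Overlaps(loopbackNets[0]) || prefix.Overlaps(loopbackNets[1]), nil
}

// startupNotices returns one log line per entry that admits loopback.
func startupNotices(allowed []string) ([]string, error) {
	var lines []string
	for _, e := range allowed {
		ok, err := coversLoopback(e)
		if err != nil {
			return nil, err
		}
		if ok {
			lines = append(lines, fmt.Sprintf("Proxying allowed from localhost (entry %q)", e))
		}
	}
	return lines, nil
}

func main() {
	// Constructed sample allow-list, not taken from the project's config.
	lines, err := startupNotices([]string{"localhost", "10.0.0.0/8", "0.0.0.0/0", "127.0.0.5"})
	fmt.Println(lines, err)
}
```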