/debug/pprof/ this api un auth #2286
Comments
@qq54903099 Thanks for your comment, we will check it.
ref : apisix-dashboard/api/internal/filter/authentication.go Lines 30 to 37 in 131601d
path : /debug/pprof omitted the auth check, by design? I'd be happy to fix it if you want
@jwrookie You are right! Welcome to pr.
Can I base it on a cookie for a fast fix?
I'm not sure what you want to do, can you give an example?
currently,
Got it.
@jwrookie. You can submit a PR to accomplish your idea, and other community members will review your code.
droplet doesn't support setting cookies 😥
Maybe we can add a configuration item that is turned off by default, I don't think the pprof API is very meaningful for dashboard. I.e., turn off this API by default and turn it on by modifying the configuration when you need to use it.
But when it is turned on, the problem will reproduce
Hi, community. IMO, since this interface is very rarely used, I suggest removing pprof and adding one manually for debugging if needed in development. |
And I'm glad to contribute this issue. |
If it is not connected to
Issue description
/debug/pprof/ can be accessed directly without logging in
Expected behavior
/debug/pprof/ should not be accessible without logging in
How to Reproduce
curl localhost:9000/debug/pprof/
Screenshots
No response
Environment
apisix version:
uname -a:
nginx -V or openresty -V:
etcd --version:
Additional context
No response
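The two ideas raised in this thread (leave pprof off unless configuration turns it on, and keep it behind login when it is on) combined in one router, as an added example that is not apisix-dashboard's code. It uses plain `net/http` rather than the project's own framework; `Config`, `requireAuth`, `NewHandler`, `Status` and the token value are hypothetical names and constructed values.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/pprof" // importing this also registers handlers on http.DefaultServeMux
)

// Config is hypothetical; its zero value leaves pprof off.
type Config struct {
	EnablePprof bool
	Token       string // constructed stand-in for the dashboard's login check
}

// requireAuth wraps the whole router, so no path is exempt by omission.
func requireAuth(token string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := r.Header.Get("Authorization")
		if token == "" || subtle.ConstantTimeCompare([]byte(got), []byte(token)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewHandler uses its own mux (never http.DefaultServeMux); pprof is mounted only when enabled.
func NewHandler(cfg Config) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/apisix/admin/routes", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "[]") })
	if cfg.EnablePprof {
		mux.HandleFunc("/debug/pprof/", pprof.Index)
	}
	return requireAuth(cfg.Token, mux)
}

// Status sends one GET through h in-process and returns the status code.
func Status(h http.Handler, path, auth string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(Status(NewHandler(Config{Token: "t"}), "/debug/pprof/", "t"))
}
```

With pprof disabled the path returns 404 even to an authenticated caller; with it enabled, a request without the token still gets 401.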