Prevent access to Fauxton on node-local port (5986) #1199
handle_utils_dir_req(Req, _) -> | ||
send_method_not_allowed(Req, "GET,HEAD"). | ||
throw({forbidden, <<"The Fauxton interface is no longer available on the node-local port.">>}). |
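Review bot: the forbidden message on the throw line says where Fauxton is no longer served but not where it is served; consider extending the text with a static pointer to the clustered (chttpd) interface, worded without a host or URL so nothing has to be derived from the request. It is also worth confirming that a forbidden response is intended for every method reaching this clause, since the send_method_not_allowed(Req, "GET,HEAD") line shown with it reported the allowed methods instead.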
This should be indented one space further in, eg 4 spaces instead of 3.
+0.5 from me (after the WS nit). The approach seems fine, but I don't have strong enough opinions on removal of Fauxton from
7f436cb to 2b2c8ad
I like this. How about printing a link to the cluster port URL? So users who make the mistake are a click away from where they want to be. I'd not suggest to redirect automatically, though, so users see what they got "wrong".
losing the CSP tests seems a bit unfortunate.
These were only testing CSP on the node-local port anyway. I can port them to chttpd, give me a day or two.
@janl Hm, if we bind chttpd to 0.0.0.0 it could be tricky to determine the right IP address to choose, 127.0.0.1 might not be visible if they are coming from outside (and mistakenly have bound httpd to 0.0.0.0 as well.) It'd sure be a nice to have, though.
2b2c8ad to 75d9bc5
@rnewson I've moved the CSP tests over to chttpd, where they should be anyway, and of course they pass with flying colours because we are awesome. :)
Will help stop people shooting themselves in the foot and/or using node-local CouchDB as their "main" CouchDB port. Closes #1198
75d9bc5 to 6e6f152
@wohali good call, with a load balancer it gets even worse.
Will help stop people shooting themselves in the foot and/or using
node-local CouchDB as their "main" CouchDB port.
I'll file a separate docs repo PR on this once this merges.
Test results:
Closes #1198