Why forcing filenames to have APP_FORM_KEY name ? #28
Comments
|
Well, to tell the truth I can't remember what was the reason .... ;) Using reverse proxy in front of CRA is rather better idea than direct requests. You probably will have more than one instance of CRA in your production environment so you will need balancer in front of it (in k8s you will have deployment with many replicas, service "above" it and ingress at the highest level) anyway. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello @benzino77,
I was wondering if there is any specific reason to only scan files with APP_FORM_KEY name ?
There is a use case of your project where we could use it to scan uploaded files to a web (HTTP) app. A reverse proxy can intercept the request and send it back to the CRA if there is at least one uploaded file. But then we need to edit the requests on the fly to replace filenames with APP_FORM_KEY (that will consume resources on the reverse proxy). A pragmatic way of doing it would be to copy (or even better stream) the client request directly to CRA.
Something like that should do the trick :
Let me know what you think.
The text was updated successfully, but these errors were encountered: