You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Workflow servers must be protected by requiring credentials to be sent with incoming HTTP requests if they are to be used in production and exposed to the Internet. Anyone can do this today by using ASP.NET Core's security middleware. So far so good.
However, when the Elsa Server is protected, the Elsa Dashboard will no longer work since it does not send any credentials when making HTTP requests.
Since the implementer might implement any sort of security on the backend, the frontend should not (and cannot) have any opinions about sending specific credentials.
Instead, this is the responsibility of the application that hosts the Elsa Dashboard.
The Solution
To allow the application to provide security credentials, the Elsa Dashboard should provide an extension point that the application can use in order to send along security credentials with outgoing requests.
A simple & elegant solution is to simply publish an event once the Axios configuration object has been created. This allows the application to further configure it, such as adding an authorization header with a token.
The text was updated successfully, but these errors were encountered:
The Problem
Workflow servers must be protected by requiring credentials to be sent with incoming HTTP requests if they are to be used in production and exposed to the Internet. Anyone can do this today by using ASP.NET Core's security middleware. So far so good.
However, when the Elsa Server is protected, the Elsa Dashboard will no longer work since it does not send any credentials when making HTTP requests.
Since the implementer might implement any sort of security on the backend, the frontend should not (and cannot) have any opinions about sending specific credentials.
Instead, this is the responsibility of the application that hosts the Elsa Dashboard.
The Solution
To allow the application to provide security credentials, the Elsa Dashboard should provide an extension point that the application can use in order to send along security credentials with outgoing requests.
A simple & elegant solution is to simply publish an event once the Axios configuration object has been created. This allows the application to further configure it, such as adding an authorization header with a token.
The text was updated successfully, but these errors were encountered: