New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REQUEST now supports POST #588
Conversation
If the backend handles the POST requests, wouldn't a malicious user be able to execute commands to other services with the IP of the server? (making a security breach) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks about right, some comments, thanks @johncant.
My main concern is whether this could come as a surprise to other Grist self-hosters. GRIST_EXPERIMENTAL_PLUGINS
would need a stronger warning now I think, since turning it on will result in a quite exploitable system (especially if GRIST_HTTPS_PROXY
is not set to at least protect internal endpoints). Perhaps a new flag would be the way to go, for example a separate GRIST_ENABLE_REQUEST_FUNCTION
? I'd be ok with surprising some users with the method stopping working until they find and enable this flag - the existing "experimental" flag suggests flux is possible.
Yes, although it depends on who can access your Grist and what internal endpoints are accessible from the Grist backend. Also true for GET requests, but this PR widens the potential for damage. I'd agree that @paulfitz @alexmojaki I could implement when I have time, also address your comments. |
I didn't know the function were disabled by default. That solves my main concern :).
I wonder if there wouldn't be a way to name this function to be future-proof, in case other possibly-harmful functions would be introduce (unless you say it's much probably the only function of that sort). In that case, I would suggest to introduce a variable whose value would not be a boolean but a list of function names ( Though I am not sure about how to name them ( |
It makes no difference to me either way - will go with |
At Grist Labs we are not planning on introducing several functions like this. |
@paulfitz this makes sense - I can't imagine a way of making REQUEST work in an environment where the users aren't trusted and could be naive and expect speed, that doesn't involve a lot of complexity. It's a killer feature though for integrating Grist with things, so thanks a lot! This PR is now ready to be re-reviewed. I've manually tested that |
|
Co-authored-by: Alex Hall <alex.mojaki@gmail.com>
Ok - this PR is now ready for re-re-review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks! @paulfitz are you satisfied?
Yup, thank you both! |
The experimental REQUEST function now supports any HTTP method.
This makes sense if