Auth needed for gateway calls to /system/async-report #35

Closed
alexellis opened this issue Sep 4, 2018 · 1 comment · Fixed by #36 or openfaas/faas#854

@alexellis
Member

Expected Behaviour

The call to /system/async-report needs to be decorated with basic auth credentials.

Current Behaviour

It is open which is why no changes were needed, but this is invalid because someone could discover the gateway and post false statistics to this endpoint.

Possible Solution

  • Update docker-compose/helm/yaml to add the basic auth username/password to this component
  • Update the HTTP call to /system/async-report to pass those secrets

Steps to Reproduce (for bugs)

  1. Deploy OpenFaaS with auth
  2. Post to gateway:port/system/async-report

Context

Found whilst doing a deeper code review on the faas/server entrypoint
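
The two halves of the proposed fix, as an added example that is not code from OpenFaaS or from the issue's participants: a handler wrapper that rejects unauthenticated posts to /system/async-report, and a caller that decorates its request with basic auth. The names `requireBasicAuth`, `postReport` and `demo`, the credentials, and the in-process stand-in gateway are assumptions; the report payload is omitted because the page does not show its format.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// requireBasicAuth (hypothetical name) rejects requests whose basic auth pair does not match.
func requireBasicAuth(user, pass string, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		match := subtle.ConstantTimeCompare([]byte(u), []byte(user)) & subtle.ConstantTimeCompare([]byte(p), []byte(pass))
		if !ok || match != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

// postReport (hypothetical name) posts to /system/async-report; an empty user sends no credentials.
func postReport(gateway, user, pass string) (int, error) {
	req, err := http.NewRequest(http.MethodPost, gateway+"/system/async-report", http.NoBody)
	if err != nil {
		return 0, err
	}
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, err
	}
	defer res.Body.Close()
	return res.StatusCode, nil
}

// demo runs a stand-in gateway with constructed credentials; returns anonymous and authenticated status.
func demo() (anon, authed int) {
	report := func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusAccepted) }
	srv := httptest.NewServer(requireBasicAuth("admin", "constructed-secret", report))
	defer srv.Close()
	anon, _ = postReport(srv.URL, "", "")
	authed, _ = postReport(srv.URL, "admin", "constructed-secret")
	return anon, authed
}

func main() { fmt.Println(demo()) }
```

In a deployment the pair would come from the same secrets the gateway is configured with, which is the docker-compose/helm/yaml change the issue lists.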

@viveksyngh
Contributor

viveksyngh commented Sep 4, 2018

Derek assign: me
