Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mux in a global state #45

Closed
j opened this issue Jul 11, 2014 · 1 comment
Closed

mux in a global state #45

j opened this issue Jul 11, 2014 · 1 comment

Comments

@j
Copy link

j commented Jul 11, 2014

Just rising a concern real quick (I'm sorta new to Go, so bear with me ;)).

I noticed that the mux in default.go is global. My concern is if one of my dependencies uses mux, can they expose routes to my app? How potentially "unsafe" is it since the goji mux is global?

Is it safer just to usegithub.com/zenazn/goji/web directly?

PS. great work.
@zenazn
Copy link
Owner

zenazn commented Jul 11, 2014

Yeah, they'd be able to expose routes to your app. But people would already be able to do this using net/http, which the top-level goji package also goes through.

Many people actually want this behavior explicitly. For instance, it means that the net/http /debug/ endpoints work as expected. It's your responsibility to block these in nginx (or similar) if you don't want to expose them to the world.

It's not "unsafe" in the thread safety sense, in the off chance that's what you mean. I'm pretty sure Goji is entirely thread-safe.

But if you want to completely control your mux and all its routes, I'd definitely instantiate it yourself.

@zenazn zenazn closed this as completed Jul 23, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zenazn @j