[WIP] fix: Fix the auth proxy trust by ensuring the proxy is in the trust #499

Open
wants to merge 3 commits into
base: master

twk3
Contributor

@twk3 twk3 commented Nov 9, 2024

TODO: update docs

Fixes: #371
Fixes: #392

- Validate that the closest peer to the express server is a trusted proxy
- Add a new trustedAuthProxies config to eventually be used for this
- Add an allowedLoginMethod config to enable fully disabling header auth
@actual-github-bot actual-github-bot bot changed the title fix: Fix the auth proxy trust by ensuring the proxy is in the trust [WIP] fix: Fix the auth proxy trust by ensuring the proxy is in the trust Nov 9, 2024
@twk3
Contributor Author

twk3 commented Nov 9, 2024

@tuetenk0pp let me know if this solves the issue you were running into. By default your local proxy should be trusted, but you can refine it. We are only checking the closest peer, so if your auth proxy is further out than that, it's up to you to configure your closest peer proxy to only accept the header from a proxy you trust.

This matches the behaviour of the project I had initially suggested as a reference during the original feature which is https://github.com/BeryJu/hass-auth-header
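
The closest-peer check described in the comment above, as an added sketch that is not code from this PR or from the project. It assumes `trustedAuthProxies` holds CIDR strings, that `allowedLoginMethod` takes the value `'header'`, and that the identity header is called `x-auth-user`; the page shows none of these formats, so all three are hypothetical.

```javascript
const net = require('node:net');

// Constructed sample config. Key names come from the PR description;
// the value formats are assumptions made for this example.
const SAMPLE_CONFIG = {
  allowedLoginMethod: 'header',
  trustedAuthProxies: ['127.0.0.0/8', '::1/128'],
};

// Build a CIDR matcher from the trusted proxy list.
function buildTrustList(cidrs) {
  const list = new net.BlockList();
  for (const cidr of cidrs) {
    const [addr, prefix] = cidr.split('/');
    const family = net.isIP(addr) === 6 ? 'ipv6' : 'ipv4';
    const fullLength = family === 'ipv6' ? 128 : 32;
    list.addSubnet(addr, prefix === undefined ? fullLength : Number(prefix), family);
  }
  return list;
}

// Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise them
// so an IPv4 rule still matches.
function normalise(addr) {
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(addr || '');
  return mapped ? mapped[1] : addr || '';
}

function isTrustedPeer(trustList, remoteAddress) {
  const addr = normalise(remoteAddress);
  const kind = net.isIP(addr);
  if (kind === 0) return false; // missing or unparsable peer: fail closed
  return trustList.check(addr, kind === 6 ? 'ipv6' : 'ipv4');
}

// Returns the header-supplied user only when header auth is enabled and the
// directly connected peer is a trusted proxy; otherwise null.
function headerLoginUser(req, config) {
  if (config.allowedLoginMethod !== 'header') return null;
  const trustList = buildTrustList(config.trustedAuthProxies);
  // Decide on the TCP peer, never on X-Forwarded-For, which the client controls.
  if (!isTrustedPeer(trustList, req.socket.remoteAddress)) return null;
  return req.headers['x-auth-user'] || null; // hypothetical header name
}
```

Only the socket peer is consulted, so a proxy further out than the closest hop is not validated here, as the comment notes.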

@tuetenk0pp

@twk3 I am very busy at the moment and not able to test the PR. I will test it once I find some time to spend.

2 participants