Add correct language for --rest-api-host-allowlist
#610
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
@rolfyone Please review |
joaniefromtheblock
force-pushed
the
update-allowlist-flag
branch
from
d770f2e to
801cb92
Compare
joaniefromtheblock
force-pushed
the
update-allowlist-flag
branch
from
801cb92 to
32d5213
Compare
|
|
||
| :::tip | ||
|
|
||
| To allow all hostnames, use "*". We don't recommend allowing all hostnames for production environments. |
There was a problem hiding this comment.
| To allow all hostnames, use "*". We don't recommend allowing all hostnames for production environments. | |
| To allow all hostnames, use "*". However, we don't recommend this for production environments. |
There was a problem hiding this comment.
Other parts of the doc use the original wording, so I repeated it for consistency. I think being more specific instead of using 'this' could be more helpful.
| This flag restricts the server's responding addresses, but not the client access. | ||
|
|
||
| By default, Teku's REST API server responds only to requests where the `Host` header matches `localhost` or `127.0.0.1`. | ||
| If you specify values, the server will only respond to requests where the `Host` header matches one of the specified hosts or IP addresses. |
There was a problem hiding this comment.
I have question: not yet clear to me whether the example above is necessary, i.e. the moment you add a specified value, you then override both defaults and need to provide these explicitly (as per the example line 2772 above) OR whether the example is providing unnecessary data which are served by default...?
There was a problem hiding this comment.
@m4sterbunny if they provide the option without values, they should get an error
docs/reference/rest.md
Outdated
| |---------------|-----------|-----------|--------| | ||
| | Listen on all IP addresses and allow all hosts | `rest-api-interface="0.0.0.0"` | `rest-api-host-allowlist=["*"]` | Enables connections from any address, such as `localhost` (`127.0.0.1`) or `10.0.0.1`. | | ||
| | Listen on a specific IP address (`10.0.0.1`) and allow all hosts | `rest-api-interface="10.0.0.1"` | `rest-api-host-allowlist=["*"]` | Only the specified IP (`10.0.0.1`) can connect, and attempts from `localhost` (`127.0.0.1`) will fail. | | ||
| | Listen on all IP addresses but allow only `localhost` | `rest-api-interface="0.0.0.0"` | `rest-api-host-allowlist=["127.0.0.1"]` | Only `localhost` (`127.0.0.1`) can connect; other IP addresses (e.g., `10.0.0.1`) will receive a 403 error. | |
There was a problem hiding this comment.
personally, I believe that e.g. is a win here vs longer options and would disregard vale, however, most reviewers seem very determined to see all these gone. WDYT?
Co-authored-by: m4sterbunny <[email protected]>
Fixes #599