Commit graph

4 commits

Author SHA1 Message Date
Frédéric Guillot
b46b5dfb2a Use r.RemoteAddr to check /metrics endpoint network access
HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As
such, it cannot be used to test if the client IP is allowed.

The recommendation is to use HTTP Basic authentication to protect the
metrics endpoint, or run Miniflux behind a trusted reverse-proxy.
2023-03-11 20:53:12 -08:00
y0ast
05fd83bd6f add support for ipv6 with zone index 2021-02-07 15:57:40 -08:00
Frédéric Guillot
9f85f67031 Make sure the remote address is populated even when using unix socket 2018-11-11 16:42:30 -08:00
Frédéric Guillot
9d08139f43 Improve request package and add more unit tests 2018-09-23 21:02:26 -07:00