miniflux/http/request
Frédéric Guillot b46b5dfb2a Use r.RemoteAddr to check /metrics endpoint network access
HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As
such, it cannot be used to test if the client IP is allowed.

The recommendation is to use HTTP Basic authentication to protect the
metrics endpoint, or run Miniflux behind a trusted reverse-proxy.
2023-03-11 20:53:12 -08:00
..
client_ip.go Use r.RemoteAddr to check /metrics endpoint network access 2023-03-11 20:53:12 -08:00
client_ip_test.go add support for ipv6 with zone index 2021-02-07 15:57:40 -08:00
context.go Add Google Reader API implementation (experimental) 2022-01-02 19:45:12 -08:00
context_test.go Change default theme to "system_serif" 2020-03-19 20:53:53 -07:00
cookie.go Improve request package and add more unit tests 2018-09-23 21:02:26 -07:00
cookie_test.go Improve request package and add more unit tests 2018-09-23 21:02:26 -07:00
doc.go Fix some linter issues 2022-08-08 22:06:38 -07:00
params.go Fix incorrect conversion between integer types 2022-01-19 21:23:56 -08:00
params_test.go Improve request package and add more unit tests 2018-09-23 21:02:26 -07:00