Comments (6)
Secure way to allow http:// and https:// without allowing URL prefixes or port suffixes:
`"^(tcp|ssl)://example\.org:80$"` instead of `"example.org:80"`
Allow any port without allowing TLD suffixes (e.g. `.orgy` instead of `.org`):
`"^tcp://example\.org:"` instead of `"^tcp://example\.org"`
`user:pass@` not supported it seems:
require("internal").download("http://user:[email protected]:80")
Could not connect to 'http+tcp://user:0
from docs.
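The anchoring points from the comment above, as an added example that is not part of the original thread and is not ArangoDB code. It assumes whitelist patterns are applied as unanchored regex searches against the normalized endpoint string, as that comment implies; the endpoint list and the `unexpectedMatches` helper are constructed for illustration.

```javascript
// Added example: audit endpoint whitelist patterns for over-matching.
// Assumption: a pattern is applied as an unanchored regex search against the
// normalized endpoint string (tcp:// or ssl:// followed by host:port).

// Constructed endpoints: the intended ones plus look-alikes.
const CANDIDATES = [
  "tcp://example.org:80",          // intended endpoint
  "tcp://example.org:8080",        // port suffix
  "tcp://notexample.org:80",       // host prefix
  "tcp://exampleXorg:80",          // an unescaped "." matches any character
  "tcp://example.orgy:80",         // TLD suffix
  "tcp://example.org.invalid:80",  // extra label after the intended host
];

const FIXED_PORT = ["tcp://example.org:80"];
const ANY_PORT = ["tcp://example.org:80", "tcp://example.org:8080"];

// Return every candidate the pattern accepts that is not in mustAllow.
// Throws if the pattern rejects an endpoint it is supposed to allow.
function unexpectedMatches(pattern, mustAllow, candidates = CANDIDATES) {
  const re = new RegExp(pattern);
  const missing = mustAllow.filter((endpoint) => !re.test(endpoint));
  if (missing.length > 0) {
    throw new Error(`pattern rejects intended endpoint(s): ${missing.join(", ")}`);
  }
  return candidates.filter((e) => re.test(e) && !mustAllow.includes(e));
}

// The four patterns quoted in the comment, each with its intended scope.
const CASES = [
  ["example.org:80", FIXED_PORT],
  ["^(tcp|ssl)://example\\.org:80$", FIXED_PORT],
  ["^tcp://example\\.org", ANY_PORT],
  ["^tcp://example\\.org:", ANY_PORT],
];

for (const [pattern, mustAllow] of CASES) {
  const leaks = unexpectedMatches(pattern, mustAllow);
  console.log(`${pattern}\n  unexpected matches: ${JSON.stringify(leaks)}`);
}
```

An empty result means the pattern accepted only the endpoints it was meant to allow from this candidate list.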
Should we specify the behavior and cases we want? Otherwise we come up with the next half-baked solution. And I would be in favor of dropping all the `tcp+ssl` nonsense and just support `http`, `https`, `h2`, `h2c`, `vst`, `vst(s|c)` like it is done in any other application. Yes, it may be a breaking change and some people will have to fix some URLs. "But it has always been like that!" should not keep us from improving and having nice things.
from docs.
If no port specified in whitelist argument then it doesn't seem to match anything under Windows. Seems to work under Linux though, but needs retesting.
Can't reproduce it in v3.6.1 under Windows. It's possible that I specified the endpoint option with `http://` instead of `tcp://`, in which case I expect that no address at all matches because it will be compared against `tcp://` internally I suppose.
Need to add cross-references to arangod option pages to https://www.arangodb.com/docs/stable/security-security-options.html#endpoint-access
from docs.
@ObiWahn I would like to see the protocol mess cleaned up, but that seems like a 4.0 project.
I'm really confused right now because the following doesn't work with 3.6.1 under Windows:
arangosh --javascript.endpoints-whitelist "ssl://arangodb\.com:443" --log.level security=debug
internal endpoints whitelist:(ssl://arangodb.com:443)
require("internal").download("https://arangodb.com:443")
(also without :443)
stacktrace: ArangoError: not allowed to connect to this endpoint 😕
from docs.
Looks like the implementation was changed? `https://` instead of `ssl://` and the port is apparently not appended internally anymore?
from docs.
At least `ssl://` seems buggy but `http://` and `https://` are now accepted and can be used to match URL paths as well.
from docs.