Comments (4)
jmattheis
commented on May 24, 2024
1
You can almost be 100% sure if you only try the /message api because the error description is probably unique and no other app uses it exactly like that. If you still want to do this block the UI paths via your reverse proxy from external access or compile gotify yourself without the ui part.
This isn't something that will be natively supported because you don't really gain anything.
from server.
jmattheis
commented on May 24, 2024
You don't get any additional security by limit access to the web ui. A potential attacker can do everything that's available in the WebUI and more through the API.
from server.
d03j
commented on May 24, 2024
currently people reaching gotify's port (e.g., through a reverse proxy mapping sub1.example.com to gotify) are able to tell what service is running. if you go straight to the API (e.g., sub1.example.com/message) you get a 401 in most cases and the health and version infos are a bit less helpful.
on a parallel note, does the app log http errors anywhere?
from server.
d03j
commented on May 24, 2024
ok, thanks. I'll close it as not planned. :)
from server.
Related Issues (20)
- Clickable notification title when click.url is set HOT 1
- Removal of disabled flag on Refresh button
- Can't get Apache 2.4.38 proxy with sub path to upgrade to websocket HOT 13
- Cannot login behind Traefik, but ip:port works fine HOT 4
- Unable to Login with default credentials HOT 4
- Assistance with json format for multiple message extras HOT 3
- Accept priority as string HOT 7
- Is it Possible to Only Use a URL to Forward Messages? HOT 2
- 401 when logging in via Caddy, but ip:port works HOT 8
- Use gotify as 2FA with messages extras HOT 1
- Configure app graylog to use gotify for notifcations HOT 5
- Filter by Message HOT 1
- Websocket stream per application HOT 1
- Support for X-Forwarded-Prefix HOT 2
- Android App Notification: Could not connect / Bad Request HOT 7
- curl syntax to verify application token HOT 3
- Plugins messages not displayed upon refresh of the message page, nor can they be deleted HOT 4
- Copy to clipboard not working with http HOT 1
- how about a new release? HOT 2
- [Enhancement]: Logging to show login attempts HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from server.