pad.pub0.org

Commit Graph

Author	SHA1	Message	Date
Richard Hansen	b8d07a42eb	lint: Run `eslint --fix` on `bin/` and `tests/`	2020-11-24 20:06:12 +00:00
webzwo0i	ceb09ce99a	security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373 ) Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies. This change allows Etherpad to use a client IP passed from a reverse proxy. Note to devs: This header can be spoofed and spoofing the header could be used in an attack. To mitigate additional steps should be taken by Etherpad site admins IE doing rate limiting at proxy. This only really applies to large scale deployments but it's worth noting.	2020-10-01 10:39:01 +01:00

Author

SHA1

Message

Date

Richard Hansen

b8d07a42eb

lint: Run `eslint --fix` on `bin/` and `tests/`

2020-11-24 20:06:12 +00:00

webzwo0i

ceb09ce99a

security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373 )

Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies.  This change allows Etherpad to use a client IP passed from a reverse proxy.

Note to devs: This header can be spoofed and spoofing the header could be used in an attack.  To mitigate additional *steps should be taken by Etherpad site admins IE doing rate limiting at proxy.*  This only really applies to large scale deployments but it's worth noting.

2020-10-01 10:39:01 +01:00

2 Commits (747f3235520d97e0e1ee6112970781b2e8176cce)