libre-service.eu/pad.libre-service.eu-etherpad

Fork 0

mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-08 03:02:03 +01:00

Commit graph

Author	SHA1	Message	Date
webzwo0i	c0baf05ee8	add github workflows	2020-11-22 23:00:59 +01:00
webzwo0i	ceb09ce99a	security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373 ) Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies. This change allows Etherpad to use a client IP passed from a reverse proxy. Note to devs: This header can be spoofed and spoofing the header could be used in an attack. To mitigate additional steps should be taken by Etherpad site admins IE doing rate limiting at proxy. This only really applies to large scale deployments but it's worth noting.	2020-10-01 10:39:01 +01:00

Author

SHA1

Message

Date

webzwo0i

c0baf05ee8

add github workflows

2020-11-22 23:00:59 +01:00

webzwo0i

ceb09ce99a

security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373 )

Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies.  This change allows Etherpad to use a client IP passed from a reverse proxy.

Note to devs: This header can be spoofed and spoofing the header could be used in an attack.  To mitigate additional *steps should be taken by Etherpad site admins IE doing rate limiting at proxy.*  This only really applies to large scale deployments but it's worth noting.

2020-10-01 10:39:01 +01:00

2 commits