-
https://prometheus.io/docs/operating/security/#security-model is somewhat out of date WRT TLS and basic auth support.
I also think that the assumptions about how to handle `/metrics` endpoints shou…
-
### Describe the bug
I'm trying to migrate the Quarkus resteasy dependencies to rest (reactive).
My app needs accept SOAP server calls and perform SOAP client calls.
The SOAP payload contains securit…
-
Spring Security 5.8/6 supports delaying the lookup of the `SecurityContext` until an authorization rule requires it.
As such, it's preferred to use `authorizeHttpRequests#permitAll` over `web.igno…
-
More context: paYKcK-5B6-p2
In the migration flow, when users request authorization for the Application Password, they are redirected back to WordPress.com after confirming their request. In this cas…
-
**Is your feature request related to a problem? Please describe.**
I understand that a recent change was made to move from access tokens to rotating API keys to enhance the security of the Microsoft …
-
I see your /contact endpoint is public because you need access to request and send the email from your application.
In that way, everybody has access to do the same. Everybody can request directly yo…
-
The default WebSocket endpoint `ws://localhost:8031/ws` accepts unauthorized connections, which allows rough clients to create large numbers of connections and such slowing the agent down (i.e. DOS at…
-
In this [section](https://github.com/bartbutenaers/Node-RED-Tailscale-Tutorial/blob/main/docs/extend_reverse_proxy.md#access-the-node-red-dashboard) of the tutorial it is described how to avoid a logi…
-
I'm looking through our current `register_endpoints` code and am trying to document why multiple endpoints exist and why we need each cluster. So far:
```python
async def register_endpoints(se…
-
### Prerequisites
- [ ] I have searched for similar issues in open and closed tickets and cannot find a duplicate.
- [X] I have troubleshooted my issue, and it still exists against the latest stab…