Closed captncraig closed 7 years ago
Yeah that's probably a good addition. I'll have to think about how best to handle it.
Protecting everything from the root on down and specifying the exceptions could work. Ideally, path
and except
should have similiar semantics. You'd want all child paths to have the same configuration as the parent, like:
jwt {
path /protected
except /public
}
Which would make /protected/secret
require the JWT and /public/anything
be open. To make that work with protecting everything starting at the root domain makes the actual root an inderminate special case, but you could add a specific directive like:
jwt {
path /
except /public
allowroot true
}
So that you're specifically allowing root access and you can handle that special case explicitly. Would that work?
This is implemented in version 2.3. Thanks for the idea.
Thanks!
Consider a case where I want to protect all paths except for the home page (
/
) and the login page.I want to do something like:
But this also protects the pages I want to be open. My only option is to explicitly define paths I want protected, which could be a bit of a pain. I feel like there should be a way to handle this across all directives, but I have not seen one.
What if I could do:
Or something like that?
/
is always an odd case, since forexcept
it needs to be an exact match, not a subpath. Thoughts?