Open justinwhite opened 3 years ago
Twilio supports HTTP Basic and Digest Authentication but not Bearer [1], as required for Cloud Run.
This means users have to allow unauthenticated requests to use the Twilio Proxy.
Can we enable request validation [2] to reduce the security impact of this?
[1] https://www.twilio.com/docs/usage/security#http-authentication [2] https://www.twilio.com/docs/usage/security#validating-requests
Twilio supports HTTP Basic and Digest Authentication but not Bearer [1], as required for Cloud Run.
This means users have to allow unauthenticated requests to use the Twilio Proxy.
Can we enable request validation [2] to reduce the security impact of this?
[1] https://www.twilio.com/docs/usage/security#http-authentication [2] https://www.twilio.com/docs/usage/security#validating-requests