SoftwareMarbles / lazy

Hackable Coding Assistant
http://getlazy.org
MIT License

Split lazy controllers into external and internal API #44

Closed ierceg closed 7 years ago

ierceg commented 7 years ago

Currently lazy listens to both internal and external requests on the same port and with the same ExpressJS engine. It could be useful to separate such external (e.g. POST /file) and internal (e.g. GET /config) requests in order to prevent data leakage (e.g. why would an external client need to know the configuration of an engine?). This might be solved by using ExpressJS routers (refusing to serve external clients for routes that are created in the internal router) or by creating two ExpressJS apps listening on different ports (so only one port is exposed to the external world while the other is only visible from the lazy network).
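The second option above (two listeners, only one of them exposed), as an added example that is not part of the original issue or of lazy's code. It uses Node's built-in `http` module instead of ExpressJS to stay dependency-free; the ports, bind addresses, response bodies and the `LAZY_SPLIT_DEMO` switch are assumptions.

```javascript
// Added example, not lazy's code. Each listener gets its own route table, so an
// internal route simply does not exist on the externally exposed port.
const EXTERNAL_ROUTES = new Map([
  ['POST /file', () => ({ status: 202, body: { accepted: true } })],
]);
const INTERNAL_ROUTES = new Map([
  // Placeholder body standing in for engine configuration.
  ['GET /config', () => ({ status: 200, body: { engines: ['placeholder'] } })],
]);

// Resolve a request against one surface's table only.
function dispatch(routes, method, url) {
  let path;
  try {
    // Strip the query string and normalise before matching.
    path = new URL(url, 'http://localhost').pathname;
  } catch (err) {
    return { status: 400, body: { error: 'bad request' } };
  }
  const handler = routes.get(`${method} ${path}`);
  // Answer 404 rather than 403 so the external port does not confirm
  // that an internal route exists.
  return handler ? handler() : { status: 404, body: { error: 'not found' } };
}

// Start one HTTP listener bound to a specific interface.
function listen(routes, port, host) {
  const http = require('node:http');
  return http
    .createServer((req, res) => {
      const { status, body } = dispatch(routes, req.method, req.url);
      res.writeHead(status, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify(body));
    })
    .listen(port, host);
}

// Hypothetical switch so that loading this file does not open sockets.
if (process.env.LAZY_SPLIT_DEMO) {
  listen(EXTERNAL_ROUTES, 8080, '0.0.0.0'); // the only port to publish
  listen(INTERNAL_ROUTES, 8081, '127.0.0.1'); // stand-in for the lazy-network interface
}
```

The bind address is what keeps the internal listener private: if both servers bind to `0.0.0.0` and both ports are published, the split protects nothing.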

ierceg commented 7 years ago

I'm moving this to configurable engines milestone to prevent config data leaking if lazy is running on a public server.