Open paulushcgcj opened 6 months ago
@paulushcgcj You're right, this is better. :+1:
Is this still relevant @DerekRoberts and @mishraomp?
What would be the benefit of doing this? I mean, the backend API will still be exposed if this is the concern. Another thing that can be problematic is the rate-limiting, so I was wondering about the relevance of this.
We can discuss that to evaluate if and when this issue can become some task to be worked on.
The main advantage of removing the route is removing the exposure of the entire API.
For example, if Caddy is proxying `/api/***` endpoints, then only that gets exposed; other endpoints which are not `/api/***` are still internal, which could be a good thing from a security standpoint if the backend has multiple integrations.
@paulushcgcj It also prevents hard coding, which has been an issue on some projects. Like pointing their DEV PR instances at TEST or, worse still, PROD backends.
@paulushcgcj Another point: if we remove the exposure to the internet, then there is no need for CORS, which avoids the OPTIONS API call, which means lower latency :)
cc @DerekRoberts
Maybe a ticket in the backlog to align this with QSOS, thoughts?
Originally posted by @mishraomp in https://github.com/bcgov/nr-forest-client/issues/829#issuecomment-1981676071
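
The arrangement discussed in this thread, sketched as a Caddyfile. This is an added example, not part of the original issue or the project's own configuration; the `BACKEND_URL` variable, the `/srv` web root and port 3000 are assumptions.

```caddyfile
# Constructed example: frontend container serving the SPA and proxying the API.
# BACKEND_URL is an assumed environment variable set per deployment
# (for instance the cluster-internal service address of that environment's
# backend), so a DEV PR instance cannot be built against a TEST or PROD URL.
{
	# TLS is assumed to terminate at the platform's edge router.
	auto_https off
}

:3000 {
	# Only /api/* is forwarded. "handle" keeps the prefix, so the backend
	# still sees /api/...; any backend path outside /api/ has no route
	# from the internet once the backend's own public route is removed.
	handle /api/* {
		reverse_proxy {$BACKEND_URL}
	}

	# Everything else is the static frontend, with SPA fallback.
	handle {
		root * /srv
		try_files {path} /index.html
		file_server
	}
}
```

With this in place the browser calls the relative path `/api/...` on the frontend's own origin, so requests are same-origin and no CORS preflight (`OPTIONS`) is sent.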