Closed shaqq closed 9 years ago
I guess what I was thinking with this was that we would just use different ENV
vars for the "new way". So the old HEADER_PASSWORD
/ HEADER_PASSWORDS
pattern would still be backwards compatible. The new way would use something more descriptive like ALLOWED_HEADER_PASSWORDS
and SENT_HEADER_PASSWORDS
, or something like that. Naming is open for discussion.
I also don't think the 2 password limit is necessary. It would have to be a very large list of passwords for it to really matter.
i completely forgot about that. closing this PR and opening a new one.
@bellycard/platform @darbyfrey @danielmackey
This is allows us to have a way to switch the HEADER_PASSWORD easily.
This also might be a breaking change if you use a HEADER_PASSWORD that has a comma in it. Let me know if that's the case.
Let me know how you feel about the
possible_passwords
being limited to 2 choices. I figured it'd be a bad idea to allow a large number ofpossible_passwords
being passed.