Closed MarioRadu closed 1 year ago
@kakapiciu Please write an explanatory article about that in dotkernel.com
@arhimede Continuing on @MarioRadu's questions, we could at least add a domain whitelist to this feature.
For example, in config/autoload/error-handling.global.php, under the error-report
key, we could add a new configuration - domain_whitelist
- where developers can store an array of domains that are allowed to write logs by calling this endpoint.
Agree
Domains or ips or both
On February 27, 2023 2:09:00 PM UTC, Alex Karajos @.***> wrote:
@arhimede Continuing on @MarioRadu's questions, we could at least add a domain whitelist to this feature. For example, in config/autoload/error-handling.global.php, under the
error-report
key, we could add a new configuration -domain_whitelist
- where developers can store an array of domains that are allowed to write logs by calling this endpoint.-- Reply to this email directly or view it on GitHub: https://github.com/dotkernel/api/issues/146#issuecomment-1446386106 You are receiving this because you were mentioned.
Message ID: @.***>
Please add a whitelist feature based on a token too
In case that the user is using a mobile app
Please add a whitelist feature based on a token too
In case that the user is using a mobile app
@arhimede and @MarioRadu: If we implement token-based access to this feature, should we still keep the domain/IP whitelists? I find using tokens way more practical than using whitelists and I expect most apps to use only tokens.
Fixed in #178 and #182
The error report endpoint is not protected in any way, anyone can spam it with junk, junk that will be saved in log files.
@arhimede do we need this endpoint ? and why ?