dotkernel / api

DotKernel's PSR-7 REST style API built around the Mezzio API skeleton.
https://docs.dotkernel.org/api-documentation/
MIT License

Error report endpoint #146

Closed MarioRadu closed 1 year ago

MarioRadu commented 2 years ago

The error report endpoint is not protected in any way, anyone can spam it with junk, junk that will be saved in log files.

@arhimede Do we need this endpoint? And why?

arhimede commented 2 years ago

@kakapiciu Please write an explanatory article about that in dotkernel.com

alexmerlin commented 1 year ago

@arhimede Continuing on @MarioRadu's questions, we could at least add a domain whitelist to this feature. For example, in config/autoload/error-handling.global.php, under the error-report key, we could add a new configuration - domain_whitelist - where developers can store an array of domains that are allowed to write logs by calling this endpoint.

arhimede commented 1 year ago

Agree

Domains or IPs or both

On February 27, 2023 2:09:00 PM UTC, Alex Karajos @.***> wrote:

@arhimede Continuing on @MarioRadu's questions, we could at least add a domain whitelist to this feature. For example, in config/autoload/error-handling.global.php, under the error-report key, we could add a new configuration - domain_whitelist - where developers can store an array of domains that are allowed to write logs by calling this endpoint.

arhimede commented 1 year ago

Please add a whitelist feature based on a token too

In case that the user is using a mobile app

alexmerlin commented 1 year ago

Please add a whitelist feature based on a token too

In case that the user is using a mobile app

@arhimede and @MarioRadu: If we implement token-based access to this feature, should we still keep the domain/IP whitelists? I find using tokens way more practical than using whitelists and I expect most apps to use only tokens.
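The discussion above proposes three access controls for the error-report endpoint: a domain whitelist, an IP whitelist, and a token whitelist for mobile apps that have no browser origin. The following PSR-15 middleware is an added example illustrating that design; it is not DotKernel's own code from #178 or #182. The `error-report` key and `domain_whitelist` option come from the thread; the `ip_whitelist` and `token_whitelist` option names, the `App\Middleware` namespace, and the sample config values are assumptions made for this example.

```php
<?php
// Added example, not DotKernel's own implementation.
// Assumed shape of config/autoload/error-handling.global.php:
//
// 'error-report' => [
//     'domain_whitelist' => ['app.example.com'],          // browser clients
//     'ip_whitelist'     => ['203.0.113.10'],             // fixed-IP backends
//     'token_whitelist'  => ['REPLACE-WITH-RANDOM-TOKEN'], // mobile apps
// ],
//
// Generate each token with bin2hex(random_bytes(32)) and keep it out of the repo.

declare(strict_types=1);

namespace App\Middleware;

use Laminas\Diactoros\Response\JsonResponse;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

final class ErrorReportGuardMiddleware implements MiddlewareInterface
{
    /**
     * @param array{domain_whitelist?: string[], ip_whitelist?: string[], token_whitelist?: string[]} $config
     *        The contents of the assumed `error-report` config key.
     */
    public function __construct(private array $config)
    {
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // Token first: a mobile app sends no Origin header, so a bearer token is its only credential.
        if ($this->hasValidToken($request)) {
            return $handler->handle($request);
        }

        // Fall back to the domain / IP whitelists for browser and server-to-server clients.
        if ($this->originAllowed($request) || $this->ipAllowed($request)) {
            return $handler->handle($request);
        }

        // Reject before the handler runs, so the body is never written to the log files.
        return new JsonResponse(['error' => 'Forbidden'], 403);
    }

    private function hasValidToken(ServerRequestInterface $request): bool
    {
        $header = $request->getHeaderLine('Authorization');
        if (!str_starts_with($header, 'Bearer ')) {
            return false;
        }
        $presented = substr($header, strlen('Bearer '));

        foreach ($this->config['token_whitelist'] ?? [] as $token) {
            // hash_equals() compares in constant time, so token length and prefix do not leak via timing.
            if (hash_equals((string) $token, $presented)) {
                return true;
            }
        }
        return false;
    }

    private function originAllowed(ServerRequestInterface $request): bool
    {
        // Browsers set Origin on cross-site requests; Referer is the fallback for same-site ones.
        $origin = $request->getHeaderLine('Origin') ?: $request->getHeaderLine('Referer');
        $host = parse_url($origin, PHP_URL_HOST);
        if (!is_string($host) || $host === '') {
            return false;
        }

        $allowed = array_map('strtolower', $this->config['domain_whitelist'] ?? []);
        return in_array(strtolower($host), $allowed, true);
    }

    private function ipAllowed(ServerRequestInterface $request): bool
    {
        // REMOTE_ADDR is set by the web server; behind a proxy, resolve the client IP
        // from a trusted forwarded header before this middleware runs.
        $ip = $request->getServerParams()['REMOTE_ADDR'] ?? '';
        return $ip !== '' && in_array($ip, $this->config['ip_whitelist'] ?? [], true);
    }
}
```

Pipe this middleware into the error-report route only, ahead of the handler that writes the log entry. One caveat worth keeping in mind when weighing whitelists against tokens, as the comment above does: `Origin` and `Referer` are supplied by the client, so the domain whitelist only filters requests coming from real browsers, and any non-browser client can set them freely. The IP whitelist is only as reliable as the address the server sees, and the token is the one control a caller cannot satisfy without possessing a secret. Whichever combination is configured, a per-client rate limit on this route still helps, because even a legitimate app with a leaked token can otherwise fill the logs.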

alexmerlin commented 1 year ago

Fixed in #178 and #182