Local requests are not allowed by default

serilog-contrib / serilog-ui

Simple Serilog log viewer UI for several sinks.

MIT License

224 stars 42 forks source link

Local requests are not allowed by default #152

Closed mo-esmp closed 3 weeks ago

mo-esmp commented 3 weeks ago

Based on documentation, local requests should be allowed on a local environment:

By default, serilog-ui allows access to the log page only for local requests. To give appropriate rights for production use, you need to configure authorization

But it's not working if AddScopedAuthorizeLocalRequestsAuthFilter is not registered.

.AddSerilogUi(options => {
    options.AddScopedAuthorizeLocalRequestsAuthFilter();
   ...
}

Is my assumption correct? If yes, let's update the wiki.

followynne commented 3 weeks ago

@mo-esmp

you're reading v2 documentation, which is correct as it is.

For v3/latest, the correct page is: https://github.com/serilog-contrib/serilog-ui/wiki/Configure#authorization