| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Célestin Matte <celestin(dot)matte(at)cmatte(dot)me> |
| Cc: | pgsql-www(at)lists(dot)postgresql(dot)org |
| Subject: | Re: [PATCH] pgarchives: Add host option for pglister_sync |
| Date: | 2025-01-23 19:31:53 |
| Message-ID: | CABUevEyXGiUWBDEB84gs9Nox1Wkqtj9RfwZmMUhjs82NLS2Ktg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On Thu, Jan 23, 2025 at 3:48 PM Célestin Matte <celestin(dot)matte(at)cmatte(dot)me>
wrote:
> This patch makes it possible to define a 'host' parameter in order to
> override the Host header, to be able to properly query localhost.
>
> Context:
> I want to set up HTTP auth for a deployment of pgarchives.
> In order for pglister_sync to keep working, I need to either authenticate,
> or disable authentication for localhost.
> When using external URL, the request gets routed to apache using the
> server's external IP, which makes the 'localhost' whitelist fail.
> I prefer using the solution over authenticating, as it ensures queries get
> directly routed to localhost in the process.
>
Hi!
What "localhost whitelst" are you referring to here?
As for the patch, it seems like a really bad idea to silently turn off
https validation when you specify a hostname. Surely those are completely
independent things?
I honestly don't understand your described workload... Is your goal to have
http auth on all URLs except the /api/archive/<name>/lists/ endpoint from
localhost? Surely that's a matter of apache config rather than patching the
client?
And if you just want to change the hostname, can't you just edit the URL?
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jelte Fennema-Nio | 2025-01-23 20:27:43 | commitfest app: New process discussion & request for reviews |
| Previous Message | Joe Conway | 2025-01-23 15:05:00 | Re: Wikipage editor access |