Move `host filtering` to a tower layer #868

lexnv · 2022-08-30T08:09:44Z

We have an access control filtering that verifies both the host and origin.

ACL requires the host to be present in the headers, while the origin is optional.
Both values are checked against an allow list, if they are not present in the allow list the
request is denied.

However, for HTTP 2.0 the host is part of the request's uri, see #866.

Move the access control filtering to a tower layer to make this feature optional.

The text was updated successfully, but these errors were encountered:

niklasad1 · 2022-09-20T07:52:38Z

Previously we had some something called AccessControl which did:

CORS / origin filtering
host filtering

The CORS part has been moved to tower http middleware so we don't have to bother with that anymore and a bunch of opinionated "white/blacklisted" headers.

The access control API is just called host filtering now which is the same as @lexnv stated ☝️ which could be implemented as tower middleware as well to make it optional.

niklasad1 mentioned this issue Sep 20, 2022

[server]: move host filtering to middleware #879

Closed

niklasad1 changed the title ~~Move access control filtering to a tower layer~~ Move host filtering to a tower layer Sep 20, 2022

niklasad1 mentioned this issue Aug 11, 2023

refactor(server): move host filtering to tower middleware #1179

Merged

niklasad1 closed this as completed in #1179 Aug 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Move `host filtering` to a tower layer #868

Move `host filtering` to a tower layer #868

lexnv commented Aug 30, 2022

niklasad1 commented Sep 20, 2022 •

edited

Loading

Move host filtering to a tower layer #868

Move host filtering to a tower layer #868

Comments

lexnv commented Aug 30, 2022

niklasad1 commented Sep 20, 2022 • edited Loading

Move `host filtering` to a tower layer #868

Move `host filtering` to a tower layer #868

niklasad1 commented Sep 20, 2022 •

edited

Loading