-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nsqd: support POST auth #1487
nsqd: support POST auth #1487
Conversation
ready for review |
I am curious for folks feedback on if we should make |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for submitting this, just a few changes...
@mreiferson Updated per your feedback! Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
c3556fa
to
f162880
Compare
(I did some minor function renaming and squashed/renamed the commit for merge...) |
Adds simple config option and flag to allow for auth to occur via POST request in addition to GET. Rationale: Errors from net/http requests are bubbled to nsqd when there is an error during authentication, such as if the nsq authentication server is unavailable. These errors include the full path, including any GET parameter, thus causing the authentication secret to be logged. This does not occur by default for the POST body thus helping protect secrets in transit between nsqd and the authentication server.
f162880
to
0db445c
Compare
This adds support for POST based authentication in addition to GET based authentication.
As described in #1486, the default behavior of nsqd to to propagate upward any errors from
net/http
clients which leads to Secret's leakage if the authentication server is unavailble.