Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove backend route and use Caddy to route requests #842

Open
paulushcgcj opened this issue Mar 6, 2024 · 5 comments
Open

Remove backend route and use Caddy to route requests #842

paulushcgcj opened this issue Mar 6, 2024 · 5 comments
Assignees
@DerekRoberts @paulushcgcj
Labels
enhancement New feature or request github_actions Pull requests that update GitHub Actions code

Comments

@paulushcgcj
Copy link
Contributor 

          > > @mishraomp @paulushcgcj Backend route removed!

Please don't do that, reverting the route for now

may be a ticket in the backlog to align this with QSOS , thoughts?

Originally posted by @mishraomp in #829 (comment)
@DerekRoberts
Copy link
Member

@paulushcgcj You're right, this is better. 👍

@DerekRoberts DerekRoberts added github_actions Pull requests that update GitHub Actions code enhancement New feature or request labels Mar 6, 2024
@DerekRoberts DerekRoberts moved this from New to Backlog in DevOps (NR) Mar 6, 2024
@paulushcgcj
Copy link
Contributor Author

Is this still relevant @DerekRoberts and @mishraomp?

What would be the benefit of doing this? I mean, the backend API will still be exposed if this is the concern. Another thing that can be problematic is the rate-limiting, so I was wondering about the relevance of this.

We can discuss that to evaluate if and when this issue can become some task to be worked on.

@mishraomp
Copy link
Contributor

Is this still relevant @DerekRoberts and @mishraomp?

What would be the benefit of doing this? I mean, the backend API will still be exposed if this is the concern. Another thing that can be problematic is the rate-limiting, so I was wondering about the relevance of this.

We can discuss that to evaluate if and when this issue can become some task to be worked on.

The main advantage of removing the route to removing the exposure of the entire API.
for ex: if Caddy is proxying /api/*** endpoints, then only that gets exposed, other endpoints which are not /api/*** are still internal, which could be a good thing from security standpoint, if backend has multiple integrations.

@DerekRoberts
Copy link
Member

@paulushcgcj It also prevents hard coding, which has been an issue on some projects. Like poiting their DEV PR instances at TEST or, worse still, PROD backends.

@mishraomp
Copy link
Contributor

@paulushcgcj another point, if we remove the exposure to internet, then no need of CORS, which avoids the OPTIONS API call, means lower latency :)

cc @DerekRoberts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DerekRoberts DerekRoberts

@paulushcgcj paulushcgcj

Labels
enhancement New feature or request github_actions Pull requests that update GitHub Actions code
Projects
DevOps (NR)
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DerekRoberts @paulushcgcj @mishraomp