diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2024-05-05 13:47:22 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2024-05-05 11:47:22 +0000 |
| commit | 6171dcbe5109d7accbf44f19c20c9f4a0ee5e06f (patch) | |
| tree | 9011f0050571f5a8c1c0e7bd90b74b2816dadd8a /docs | |
| parent | [frontend] Do optimistic update when approving/rejecting/suspending account (... (diff) | |
| download | gotosocial-6171dcbe5109d7accbf44f19c20c9f4a0ee5e06f.tar.xz | |
[feature] Add HTTP header permission section to frontend (#2893)
* [feature] Add HTTP header filter section to frontend
* tweak naming a bit
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/admin/request_filtering_modes.md | 4 | ||||
| -rw-r--r-- | docs/configuration/advanced.md | 19 |
2 files changed, 20 insertions, 3 deletions
diff --git a/docs/admin/request_filtering_modes.md b/docs/admin/request_filtering_modes.md index 78f5dfe77..e90a1f3a2 100644 --- a/docs/admin/request_filtering_modes.md +++ b/docs/admin/request_filtering_modes.md @@ -7,8 +7,6 @@ GoToSocial currently offers 'block', 'allow' and disabled HTTP request header fi HTTP request header filtering is also still considered "experimental". It should do what it says on the box, but it may cause bugs or edge cases to appear elsewhere, we're not sure yet! - Management via settings panel is TBA. Until then you will need to manage these directly via API endpoints. - ## Disabled header filtering mode (default) When `advanced-header-filter-mode` is set to `""`, i.e. an empty string, all request header filtering will be disabled. @@ -30,4 +28,4 @@ In allow mode, a block header filter can be used to override an existing allow f A request in allow mode will only be accepted if it is EXPLICITLY ALLOWED AND NOT EXPLICITLY BLOCKED. !!! danger - Allow filtering mode is an extremely restrictive mode that will almost certainly prevent many (legitimate) clients from being able to access your instance, including yourself. You should only enable this mode if you know exactly what you're trying to achieve.
\ No newline at end of file + Allow filtering mode is an extremely restrictive mode that will almost certainly prevent many (legitimate) clients from being able to access your instance, including yourself. You should only enable this mode if you know exactly what you're trying to achieve. diff --git a/docs/configuration/advanced.md b/docs/configuration/advanced.md index b97d8a6ba..88f4aff67 100644 --- a/docs/configuration/advanced.md +++ b/docs/configuration/advanced.md @@ -163,4 +163,23 @@ advanced-sender-multiplier: 2 # Example: ["s3.example.org", "some-bucket-name.s3.example.org"] # Default: [] advanced-csp-extra-uris: [] + +# String. HTTP request header filtering mode to use for this instance. +# +# "block" -- only requests that are explicitly blocked by header filters +# will be denied (unless they are also explicitly allowed). +# +# "allow" -- only requests that are explicitly allowed by header filters +# will be accepted (unless they are also explicitly blocked). +# This mode is considered experimental and will almost certainly +# break access to your instance unless you are very careful. +# +# "" -- request header filtering disabled. +# +# For more details on block and allow modes, check the documentation at: +# https://docs.gotosocial.org/en/latest/admin/request_filtering_modes +# +# Options: ["block", "allow", ""] +# Default: "" +advanced-header-filter-mode: "" ``` |