be9700-api: correct exposure/security note in description
This commit is contained in:
@@ -25,9 +25,11 @@ Every request to `/api/*` must carry:
|
||||
| `X-Router-Password` | Router admin password (for fresh sessions) |
|
||||
| `X-Router-Session` | Reuse a session token returned by a previous call (JSON) |
|
||||
|
||||
This means the container itself holds no secrets and is safe to expose via
|
||||
Traefik without any additional auth middleware — just use the API from clients
|
||||
that supply the headers.
|
||||
The container holds no stored secrets, but the `/api/*` surface controls your
|
||||
router and CORS is open — anyone who can reach the service and supply a valid
|
||||
router password can change router settings. Keep this app LAN-only unless you
|
||||
place an auth middleware (e.g. Traefik forward-auth / Authentik) in front of it
|
||||
before exposing it to the internet.
|
||||
|
||||
## Quick start
|
||||
|
||||
|
||||
Reference in New Issue
Block a user