be9700-api: correct exposure/security note in description
This commit is contained in:
@@ -25,9 +25,11 @@ Every request to `/api/*` must carry:
|
|||||||
| `X-Router-Password` | Router admin password (for fresh sessions) |
|
| `X-Router-Password` | Router admin password (for fresh sessions) |
|
||||||
| `X-Router-Session` | Reuse a session token returned by a previous call (JSON) |
|
| `X-Router-Session` | Reuse a session token returned by a previous call (JSON) |
|
||||||
|
|
||||||
This means the container itself holds no secrets and is safe to expose via
|
The container holds no stored secrets, but the `/api/*` surface controls your
|
||||||
Traefik without any additional auth middleware — just use the API from clients
|
router and CORS is open — anyone who can reach the service and supply a valid
|
||||||
that supply the headers.
|
router password can change router settings. Keep this app LAN-only unless you
|
||||||
|
place an auth middleware (e.g. Traefik forward-auth / Authentik) in front of it
|
||||||
|
before exposing it to the internet.
|
||||||
|
|
||||||
## Quick start
|
## Quick start
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user