feat(api): add support for local management password validation and spoofed IP rejection
- Introduced `newTestServerWithOptions` to customize server initialization in tests.
- Added `TestManagementLocalPasswordRejectsSpoofedForwardedFor` to validate security against spoofed `X-Forwarded-For` headers.
- Enabled default WebSocket authentication (`ws-auth`) in `config.example.yaml`.
- Disabled trusted proxy headers in Gin engine with appropriate logging to enhance security.
+1
-1
@@ -143,7 +143,7 @@ routing:
|
||||
session-affinity-ttl: "1h"
|
||||
|
||||
# When true, enable authentication for the WebSocket API (/v1/ws).
|
||||
ws-auth: false
|
||||
ws-auth: true
|
||||
|
||||
# When true, enable Gemini CLI internal endpoints (/v1internal:*).
|
||||
# Default is false for safety.
|
||||
|
||||
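Review bot: the comment above `ws-auth` still reads only "When true, enable authentication for the WebSocket API (/v1/ws)." and does not state the new default or what turning it off means, while the neighbouring setting documents its default ("Default is false for safety."). Suggest adding a matching line under the `ws-auth` comment that states the default and that `false` leaves /v1/ws unauthenticated. This hunk only changes the example file, so existing deployments that already carry `ws-auth: false` or omit the key are not affected by it; it is worth confirming that the in-code default for a missing key agrees with the example and calling out the change for operators who copy this file.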