diff options
| author | cel <cel@lOUVT+Phkvai9a/cCS/RKo+S9hnPAQdVixms/7ldpPA=.ed25519> | 2020-03-28 15:58:43 -0400 |
|---|---|---|
| committer | cel <cel@lOUVT+Phkvai9a/cCS/RKo+S9hnPAQdVixms/7ldpPA=.ed25519> | 2020-04-10 16:11:50 -0400 |
| commit | 9ad733614f9de494ff952b9c9f72b834bfb8252b (patch) | |
| tree | 470fdc2383d9606d8e1075bbb4d73d8a3b0affce /README.md | |
| parent | 5a719f74ab1963f17275e28ae0aa9779b4b1ec03 (diff) | |
| download | patchfoo-9ad733614f9de494ff952b9c9f72b834bfb8252b.tar.gz patchfoo-9ad733614f9de494ff952b9c9f72b834bfb8252b.zip | |
Restrict access based on Referer
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -123,6 +123,7 @@ To make config options persistent, set them in `~/.ssb/config`, e.g.: - `auth`: HTTP auth password. default: `null` (no password required) - `allowAddresses`: Array of IP addresses allowed to connect. default: `null` (allow any to connect). Note if host is `localhost` then this setting is useless. - `allowHosts`: Array of hostnames allowed that patchfoo may be connected at, or `*` to allow using any hostname. Default is to allow patchfoo's configured port, at patchfoo's configured host, `localhost`, `127.0.0.1` or `::1`. If hostname includes trailing colon without port, it means use patchfoo's server port. `*` for the port means allow connections at any port. If hostname begins with `.`, subdomains under it are allowed too. +- `trustedReferers`: Array of URL patterns allowed as base of HTTP Referers for POST & PUT requests to patchfoo, or `*` to allow any. Default is `http://` followed by patchfoo's host and port, or `localhost`, `127.0.0.1` or `[::1]` at patchfoo's port. Port may be wildcard (`*`) to allow any port, or blank (trailing `:`) for patchfoo's port. Subdomains can be allowed by beginning the hostname with a period (`.`). patchfoo subpaths which may contain arbitrary blob content are excluded from the set of allowed referers. - `filter`: Filter setting. `"all"` to show all messages. `"invert"` to show messages that would be hidden by the default setting. Otherwise the default setting applies, which is so to only show messages authored or upvoted by yourself or by a feed that you you follow. Exceptions are that if you navigate to a user feed page, you will see messages authored by that feed, and if you navigate to a message page, you will see that message - regardless of the filter setting. The `filter` setting may also be specified per-request as a query string parameter. - `showPrivates`: Whether or not to show private messages. Default is `true`. Overridden by `filter=all`. - `previewVotes`: Whether to preview creating votes/likes/digs (`true`) or publish them immediately (`false`). default: `false` |