The Wayback Machine - https://web.archive.org/web/20201007232550/https://github.com/PostHog/posthog/issues/1808
Skip to content

/ posthog

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable /preflight on deployed instances #1808

Open
paolodamico opened this issue Oct 4, 2020 · 2 comments
Open

Disable /preflight on deployed instances #1808

paolodamico opened this issue Oct 4, 2020 · 2 comments
Labels
Hacktoberfest good first issue

Comments

@paolodamico
Copy link
Collaborator

@paolodamico paolodamico commented Oct 4, 2020

Currently our preflight/ endpoint is accessible at any time, even after the instance has already been correctly deployed. We should remove these routes after the app has been deployed (i.e. at least one user has been created in the instance), to avoid potentially leaking some information about the instance's setup (as we add more functionality to this page). To accomplish this,

  • The _preflight/ route should be disabled altogether.
  • The preflight route should redirect to the route location (/) on the frontend.
@Twixes
Copy link
Contributor

@Twixes Twixes commented Oct 4, 2020

I think it'd actually be OK if /_preflight was available all the time, as it's not sensitive data. In fact we have endpoints /_health and /_stats as well, which don't differ much, so maybe it'd make sense to merge these three "underscore" endpoints into one /_status that'd contain relevant instance status information?
@J0
Copy link
Contributor

@J0 J0 commented Oct 7, 2020

Hi,

Can I take this issue as well?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Hacktoberfest good first issue
3 participants
@Twixes @paolodamico @J0
You can’t perform that action at this time.