author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2020-07-14 11:58:41 +0300 |
---|---|---|
committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2020-07-14 11:58:41 +0300 |
commit | 9b225db7d86289fb9d9c51f62e6ec29f6c07f60d (patch) | |
tree | d69a32b483f39e0b02419ce45b8a6b578666172a /docs/configuration | |
parent | cf3f8cb72a46f0c8c798d4022cff442fae4ab401 (diff) | |
[#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting.
Diffstat (limited to 'docs/configuration')
-rw-r--r-- | docs/configuration/cheatsheet.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index f796330f1..24b162ce7 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -815,6 +815,8 @@ or curl -H "X-Admin-Token: somerandomtoken" "http://localhost:4000/api/pleroma/admin/users/invites" ``` +Warning: it's discouraged to use this feature because of the associated security risk: static / rarely changed instance-wide token is much weaker compared to email-password pair of a real admin user; consider using HTTP Basic Auth or OAuth-based authentication instead. + ### :auth * `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator. |
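Review bot: the added "Warning:" paragraph after the `X-Admin-Token` curl example tells operators the feature is discouraged but gives them nothing to act on if the token is already configured. It should say how to turn the feature off (presumably by leaving `admin_token` unset; please confirm and state it), and, for instances that keep it, that the token should be long, random and rotated. The commit message says requests with a bad `admin_token` are now rate limited, yet the doc text does not mention it; one sentence here would tell readers that guessing is throttled but the token is still a single shared secret. Wording nit: the sentence is missing articles and would read better as "a static, rarely changed instance-wide token is much weaker than the email-password pair of a real admin user". The curl example directly above uses `http://localhost:4000`, so it is also worth noting next to the warning that the header must only be sent over TLS when the API is reached remotely.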