feat: Restrict use of masterKey to localhost by default (#8281)

BREAKING CHANGE: This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281)
dblythy
2022-11-11 13:24:48 +11:00
committed by GitHub
parent 7336afc562
commit 6c16021a1f
10 changed files with 98 additions and 100 deletions


@@ -302,9 +302,10 @@ module.exports.ParseServerOptions = {
},
masterKeyIps: {
env: 'PARSE_SERVER_MASTER_KEY_IPS',
help: 'Restrict masterKey to be used by only these ips, defaults to [] (allow all ips)',
help:
"(Optional) Restricts the use of master key permissions to a list of IP addresses.<br><br>This option accepts a list of single IP addresses, for example:<br>`['10.0.0.1', '10.0.0.2']`<br><br>You can also use CIDR notation to specify an IP address range, for example:<br>`['10.0.1.0/24']`<br><br>Special cases:<br>- Setting an empty array `[]` means that `masterKey`` cannot be used even in Parse Server Cloud Code.<br>- Setting `['0.0.0.0/0']` means disabling the filter and the master key can be used from any IP address.<br><br>To connect Parse Dashboard from a different server requires to add the IP address of the server that hosts Parse Dashboard because Parse Dashboard uses the master key.<br><br>Defaults to `['127.0.0.1']` which means that only `localhost`, the server itself, is allowed to use the master key.",
action: parsers.arrayParser,
default: [],
default: ['127.0.0.1'],
},
maxLimit: {
env: 'PARSE_SERVER_MAX_LIMIT',
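
Review bot: The meaning of an empty `masterKeyIps` list is inverted between the old and new `help` strings, and the breaking-change note does not mention it. The removed line said `[]` means "allow all ips", while the new text says `[]` means the master key cannot be used at all, even in Cloud Code. A deployment that explicitly set `PARSE_SERVER_MASTER_KEY_IPS` or `masterKeyIps` to an empty list to allow everything would lose master key access after upgrading. Suggest calling out the `[]` change alongside the Parse Dashboard case and pointing to `['0.0.0.0/0']` as the explicit allow-all value. Two smaller points in the same help string: `masterKey`` has a doubled closing backtick, and the default `['127.0.0.1']` is described as `localhost` but lists only the IPv4 loopback, so the text should state whether clients connecting over the IPv6 loopback (`::1`) are meant to be covered.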