daml/daml-assistant/daml-helper
Stephen Compall 067f3c987d
require https reverse proxy (#5660)
* new --leak-passwords-firesheep-style option; functions to check forwarded protocol

* enforce https reverse-proxy in all JWT-accepting endpoints

* make HttpService.start take config record

* test that X-Forwarded-Proto or Forwarded is enforced

* use new start signature in daml-script tests

* use insecure http mode for ts codegen tests

* note on regex

* use insecure option in daml assistant integration tests

* log allowNonHttps setting

* add non-https option to more places in daml-assistant tests

* add non-https option to getting started guide

* rename --leak-passwords-firesheep-style to --allow-insecure-tokens

- per suggestion by @garyverhaegen-da, @hurryabit

CHANGELOG_BEGIN
- [JSON API] By default, checks that connections are made through a reverse-proxy
  providing HTTPS, ensuring that JWT tokens don't leak.  To disable this check,
  such as for development, pass ``--allow-insecure-tokens``.
  See `issue #5572 <https://github.com/digital-asset/daml/issues/5572>`_.
CHANGELOG_END

* daml start includes --allow-insecure-tokens by default

- as indicated by @cocreature
2020-04-28 14:33:38 -04:00
..
src/DA/Daml/Helper require https reverse proxy (#5660) 2020-04-28 14:33:38 -04:00
test/DA/Daml/Helper/Test Include daml ledger tests in compatibility tests (#5740) 2020-04-27 16:13:16 +00:00
BUILD.bazel Dont use inspect-dar to discover main package-id in test. (#5372) 2020-04-02 13:12:21 +00:00