hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-11-11 05:10:51 +03:00
Code Issues Projects Releases Wiki Activity

docs: remove recommendation for action handler security (#5355)

Browse Source
This commit is contained in:
Marion Schleifer 2020-07-17 20:39:42 +02:00 committed by GitHub
parent 286ea31f36
commit e649dcebe2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/graphql/manual/actions/action-handlers.rst
View File

@ -139,16 +139,16 @@ setting the status code as ``4xx``.
.. _securing_action_handlers:
Securing your action handler
----------------------------
Restrict access to your action handler
--------------------------------------
You might want to make sure that an action handler can only get called by your
You might want to restrict access to your action handler in order to ensure that it can only get called by your
Hasura instance and not by third parties.
Adding an action secret
^^^^^^^^^^^^^^^^^^^^^^^
One possible way of securing an action handler is by adding a header to the action
One possible way of restricting access to an action handler is by adding a header to the action
that is automatically sent with each request to the webhook, and then adding a check
against that in your action handler.
@ -159,10 +159,9 @@ against that in your action handler.
.. note::
Adding an action secret is a simple way of securing an action
handler against unauthorized access and will suffice in most use cases.
Adding an action secret is a simple way of restricting access to an action handler and will suffice in most use cases.
However, if you have more profound security requirements, you might want to choose advanced
security solutions such as `HMAC <https://en.wikipedia.org/wiki/HMAC>`__.
security solutions tailored to your needs.
Step 1: Configure your Hasura instance