| ▲ | drzaiusx11 22 days ago | |
Requiring a reverse proxy for TLS is pretty standard, but the rest of those findings are egregious (if they haven't been addressed yet.) | ||
| ▲ | akerl_ 22 days ago | parent [-] | |
The part I found jarring was that it will totally do TLS for you but using a TLS stack they don’t recommend, and if you put it behind a reverse proxy you also need to know to do custom log redaction to avoid logging tokens. | ||