Lock down the /docs API
Closed this issue · 1 comments
PaoloPedin commented
Currently the /docs API is not locked, so it can be dangerous in production environments. It would be safer to find a way to lock the API URLs (via reverse proxy or some other method).
pieroit commented
Decided at dev meeting that:
1 - there is no risk if you set keys and JWT secret
2 - as you suggested, to hide /docs, you can add a simple proxy rule
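
A sketch of the kind of proxy rule discussed in this thread, added here as an example and not taken from the project's own configuration. It assumes nginx as the reverse proxy; the hostname, the upstream address `127.0.0.1:8000` and the `10.0.0.0/8` admin range are placeholders.

```nginx
# Added example with constructed values; adjust to the real deployment.
server {
    listen 80;                             # TLS termination omitted for brevity
    server_name app.example.com;           # placeholder hostname

    # Match /docs and anything beneath it (e.g. /docs/),
    # but not unrelated paths such as /docs-archive.
    location ~ ^/docs(/|$) {
        allow 10.0.0.0/8;                  # assumed admin/VPN range
        deny  all;                         # every other client receives 403
        proxy_pass http://127.0.0.1:8000;  # assumed upstream address
    }

    # Everything else is forwarded to the application unchanged.
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Any other documentation or schema paths the application serves are
    # not named in this thread; each needs its own location block.
}
```

The rule only takes effect if clients cannot reach the application directly, so the upstream should listen on loopback or a private interface rather than a public one.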