This repository has been archived by the owner on Nov 1, 2018. It is now read-only.
Add optional feature to reject requests without IIS token #141
Comments
|
Why default to false? Is there a mainstream scenario where you wouldn't want it on? |
|
Offline dicussion: On by default, no option to turn it off. The middleware is only added to the pipeline if the AspNetCoreModule environment variables are detected at startup, so enabling this will not affect self-host scenarios. |
|
Why not providing an option to disable this feature? What happens if I want to host my app in various environments? (e.g behind IIS on a Windows machine, behind nginx on a Linux-based machine). Wooops, forget that, as mentioned, the integration middleware is only added if the ANCM environment variables are injected in the app process, so it shouldn't be a problem 😄 |
Tratcher
added a commit
that referenced
this issue
Apr 22, 2016
Tratcher
added a commit
that referenced
this issue
Apr 22, 2016
Tratcher
added a commit
that referenced
this issue
Apr 22, 2016
jkotalik
added a commit
that referenced
this issue
Dec 8, 2017
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This would prevent requests on the same machine bypassing auth/path authorization provided by IIS.
Should default to false though.
The text was updated successfully, but these errors were encountered: