You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not involved with this project (just a user), but to me this feels like the kind of feature that would be better implemented at the reverse-proxy or load balancer level, to minimize complexity in the application layer.
Thanks @logankoester I'm starting to think actually that a plugin for iron-router might do the trick. I'm not sure that having it implemented at the load balancer/reverse-proxy level would cover all the requests on a predominantly client-side app
@malpaso That's a really interesting point. A bit embarrassing... I was thinking in the context of a traditional web service when I made that suggestion, and in retrospect it seems obvious that a Meteor app might allow access to the /admin views without ever actually hitting the /admin/* HTTP endpoints from the client.
Definitely something I need to remember when working with Meteor myself. 😨
With that in mind, your iron-router plugin plan sounds solid. Another approach might be to implement routing-aware IP whitelisting on Sikka, an application-level firewall for Meteor.
As above, any suggestions on how to do this or any packages that will allow iron-router to do this?
The text was updated successfully, but these errors were encountered: