proto: make rule to generate protobuf files, documentation#2
Merged
Conversation
maiamcc
approved these changes
Aug 7, 2018
maiamcc
left a comment
Contributor
🎉 ✨ documentaaaaationnnn 🎉 ✨
This was referenced Feb 21, 2020
nicks
added a commit
that referenced
this pull request
Nov 25, 2020
…rocess to apply changes, try #2
nicks
added a commit
that referenced
this pull request
Nov 26, 2020
…rocess to apply changes, try #2
nicksieger
added a commit
that referenced
this pull request
Jun 15, 2026
Discourage use of `--host` for anything other than the default.

Signed-off-by: Nick Sieger <nick@nicksieger.com>

Squashed commit of the following:

commit 6b6220c
Merge: bfb69e7 8e1ce55
Author: Nick Sieger <nick@nicksieger.com>
Date: Mon Jun 15 09:57:04 2026 -0500

    Merge pull request #3 from nicksieger/no-origin-fallback
    fix(hud): require CSRF token for HUD websocket upgrade

commit 8e1ce55
Author: mickael emirkanian <mickael.emirkanian@docker.com>
Date: Tue Jun 9 16:00:00 2026 -0400

    fix(hud): require CSRF token for HUD websocket upgrade

    The /ws/view CheckOrigin fell back to originCheck when no CSRF token was supplied, and originCheck returns true when the Origin header is absent, so a non-browser client that omits Origin could open the HUD websocket and read the full view stream (session state, Tiltfile contents, resource status) with no token. Drop the origin fallback and require the CSRF token, which is only obtainable from the requireToken-gated /api/websocket_token endpoint; the frontend already connects with ?csrf=<token>, so the only change is that a stale tab must reload to reconnect.

commit d0b2e48
Author: Nick Sieger <nick@nicksieger.com>
Date: Mon Jun 8 10:38:14 2026 -0500

    docs(cli): reframe --host flag to discourage 0.0.0.0 binding

    Replace "Set to 0.0.0.0 to listen on all interfaces" hint with guidance that the default is localhost and users should only change it if they need remote access and understand the security implications.

commit bfb69e7
Author: Nick Sieger <nick@nicksieger.com>
Date: Mon Jun 8 10:38:14 2026 -0500

    docs(cli): reframe --host flag to discourage 0.0.0.0 binding

    Replace "Set to 0.0.0.0 to listen on all interfaces" hint with guidance that the default is localhost and users should only change it if they need remote access and understand the security implications.

commit 9d15aeb
Merge: 7e7999e f4c02cf
Author: Nick Sieger <nick@nicksieger.com>
Date: Mon Jun 8 09:02:13 2026 -0500

    Merge pull request #2 from nicksieger/security-unauthenticated-hud-server-2
    Add a couple of endpoints

commit f4c02cf
Author: mickael emirkanian <mickael.emirkanian@docker.com>
Date: Fri Jun 5 20:58:21 2026 -0400

    add tests

    Signed-off-by: mickael emirkanian <mickael.emirkanian@docker.com>

commit af35915
Author: mickael emirkanian <mickael.emirkanian@docker.com>
Date: Fri Jun 5 20:58:19 2026 -0400

    update /api/snapshot /api/websocket_token and /proxy/*

    Signed-off-by: mickael emirkanian <mickael.emirkanian@docker.com>

commit f57c5a8
Author: mickael emirkanian <mickael.emirkanian@docker.com>
Date: Fri Jun 5 20:58:17 2026 -0400

    add TILT_DISABLE_HUD_AUTH opt-out

    Signed-off-by: mickael emirkanian <mickael.emirkanian@docker.com>

commit 7e7999e
Author: Nick Sieger <nick@nicksieger.com>
Date: Fri Jun 5 15:12:08 2026 -0500

    fix: we only need one origin check function

commit bd392b0
Author: Nick Sieger <nick@nicksieger.com>
Date: Fri Jun 5 14:58:12 2026 -0500

    security(hud): protect /api/view and /api/dump/engine with token auth

    - apply requireToken middleware to /api/view and /api/dump/engine
    - update requireToken to accept token from X-Tilt-Token header or Tilt-Token cookie
    - update CLI apiGet/apiPostJson to send X-Tilt-Token header using persisted token
    - add tests for all requireToken auth paths

    Signed-off-by: Nick Sieger <nick@nicksieger.com>

commit fef0d80
Author: Nick Sieger <nick@nicksieger.com>
Date: Fri Jun 5 13:39:53 2026 -0500

    security(hud): restrict /debug/pprof to loopback connections

    - Add loopbackOnly middleware that checks RemoteAddr and returns 403 for any non-loopback source IP
    - Wrap the /debug prefix on both the web router and the API router so pprof memory dumps and goroutine profiles are not reachable from the network when Tilt runs with --host 0.0.0.0

    Signed-off-by: Nick Sieger <nick@nicksieger.com>

commit 83d11fd
Author: Nick Sieger <nick@nicksieger.com>
Date: Fri Jun 5 13:38:34 2026 -0500

    security(hud): add Origin header validation middleware

    - Reject any request whose Origin header is present but does not match the Host the client connected to
    - Browsers always send Origin on cross-origin requests, so this blocks CSRF from network-reachable attackers (e.g. --host 0.0.0.0 mode) without affecting same-origin browser traffic or CLI tools
    - Wired via mux.Use() so it covers the entire HUD router

    Signed-off-by: Nick Sieger <nick@nicksieger.com>

commit 6479e60
Author: Nick Sieger <nick@nicksieger.com>
Signed-off-by: Nick Sieger <nick@nicksieger.com>
Date: Fri Jun 5 13:36:55 2026 -0500

    security(hud): add SameSite=Strict cookie and requireToken middleware

    - Set SameSite=Strict on Tilt-Token cookie; browsers will not send it on cross-site requests, blocking CSRF against mutation endpoints
    - Add requireToken middleware: validates cookie value against store token, returns 403 on mismatch or absence
    - Wrap /api/analytics, /api/analytics_opt, /api/trigger, /api/override/trigger_mode, and /api/set_tiltfile_args

    Signed-off-by: Nick Sieger <nick@nicksieger.com>
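The three middlewares the squashed commits above describe (requireToken reading X-Tilt-Token or the Tilt-Token cookie, loopbackOnly checking RemoteAddr, and the Origin-vs-Host check), written out as an added illustration in Go's net/http; this is not Tilt's code, and the store token, the `forbid` helper and the handler names are constructed for the example.

```go
package main

import ("crypto/subtle"; "net"; "net/http"; "net/url")

// Constructed example token; the real server would hold its persisted store token.
const storeToken = "constructed-example-token"

func forbid(w http.ResponseWriter) { http.Error(w, "forbidden", http.StatusForbidden) }

// requireToken: take the token from the X-Tilt-Token header (CLI) or the Tilt-Token
// cookie (browser); 403 on absence or mismatch, compared in constant time.
func requireToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := r.Header.Get("X-Tilt-Token")
		if c, err := r.Cookie("Tilt-Token"); got == "" && err == nil {
			got = c.Value
		}
		if subtle.ConstantTimeCompare([]byte(got), []byte(storeToken)) != 1 {
			forbid(w)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// loopbackOnly: 403 unless the TCP peer address is loopback (127.0.0.0/8 or ::1).
func loopbackOnly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if ip := net.ParseIP(host); err != nil || ip == nil || !ip.IsLoopback() {
			forbid(w)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// originCheck: reject when Origin is present and its host differs from the Host the
// client connected to; a missing Origin (CLI tools, same-origin navigation) passes.
func originCheck(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if o := r.Header.Get("Origin"); o != "" {
			if u, err := url.Parse(o); err != nil || u.Host != r.Host {
				forbid(w)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}
```

Note that originCheck alone still admits a client that simply omits Origin, which is exactly why the later commit makes the websocket upgrade require the CSRF token instead of falling back to the origin check.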
No description provided.