Dashboard protection


#1

How can we protect the dashboard UI for NodeRED as it still blocks http in requests as well.


#2

Not sure what you mean here. Does you dashboard block incoming requests?


#3

As we set up the nodeAuth it blocks the http in requests as well. It asks for the user and password for the Http in as well.


#4

Yes - currently the dashboard is "just another" http endpoint so is protected by the same (and only) mechanism - so if you turn it on for one you turn it on for the whole application.


#5

so what could be the solution for this ?


#6

And also for uibuilder :slight_smile: I might need to add a flag to make that optional perhaps?