How can we protect the dashboard UI for NodeRED as it still blocks http in requests as well.
Not sure what you mean here. Does you dashboard block incoming requests?
As we set up the nodeAuth it blocks the http in requests as well. It asks for the user and password for the Http in as well.
Yes - currently the dashboard is "just another" http endpoint so is protected by the same (and only) mechanism - so if you turn it on for one you turn it on for the whole application.
so what could be the solution for this ?
And also for uibuilder I might need to add a flag to make that optional perhaps?