Add Better Security Features to Vitals

Created on 29 October 2022, over 2 years ago

Updated 6 February 2023, almost 2 years ago

Multiple requests have been made to provide options to lock down the vitals status page further than just relying on the token.

Login to site that is configured to use vitals.
Navigate to the vitals configuration page.
Click on the vitals link that is shown that allows users to access the endpoint.
Copy and paste url in an incognito window.
Verify that you can see vitals status page with nothing else present other than the token in the url.

Multiple suggestions have been submitted including:

Discussion on this issue thread is welcome!
Ideally path forward will be determined by December 1st, 2022
This issue will not be addressed by the time D10 is out. This could very easily be a major version bump.

No user interface changes are expected at this time.

Chances are there will be changes here, but TBD.

Chances are there will be changes here, but TBD.

🌱 Plan

Status

Active

Version

2.2

Component

Code

Created by

🇺🇸United States daceej

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
🇺🇸United States daceej
Have not had much time to think through everything just yet. I have some projects that are wrapping up soon, so I should be able to devote some time to this shortly.
Comment almost 2 years ago →
🇧🇪Belgium tijsdeboeck Antwerp 🇧🇪 🇪🇺 🌎
Thanks for the update. No worries ;)

Our offer to join as co-maintainers still stand if you are interested / can use the help.

Production build 0.71.5 2024