commit e399f0df211441b89eaaa213b7cfb32e829a1c1b
parent 33fa6d750d0c9f600999573dda7a4070cf065e6b
Author: Thien-Thi Nguyen <ttn@gnuvola.org>
Date: Wed, 11 Aug 2021 05:02:24 -0400
add reverse-proxy ref to leak note -- note FIXME
Diffstat:
1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst
@@ -785,6 +785,8 @@ it twice, first creating the ``default`` instance, then creating normal ones.
This means unauthorized users can distinguish between the case where the
instance does not exist (HTTP 404) and the case where access is denied
(HTTP 403).
+ This is all moot behind a properly configured reverse-proxy.
+ FIXME: Link to primary reverse-proxy documentation.
KUDOS Accounts
