server : better security control for public deployments (#9776)

* server : more explicit endpoint access settings * protect /props endpoint * fix tests * update server docs * fix typo * fix tests
2024-10-08 13:27:04 +02:00 · 2024-10-08 13:27:04 +02:00 · 458367a906
commit 458367a906
parent fa42aa6d89
8 changed files with 126 additions and 116 deletions
--- a/common/common.h
+++ b/common/common.h
@ -290,7 +290,10 @@ struct gpt_params {
    std::string ssl_file_key  = "";                                                                         // NOLINT
    std::string ssl_file_cert = "";                                                                         // NOLINT

-    bool endpoint_slots   = true;
+    // "advanced" endpoints are disabled by default for better security
+    bool webui            = true;
+    bool endpoint_slots   = false;
+    bool endpoint_props   = false; // only control POST requests, not GET
    bool endpoint_metrics = false;

    bool log_json = false;