Add link to how to run on Heroku #282
Conversation
|
By analyzing the blame information on this pull request, we identified @drew-gross, @natanrolnik and @felipemobile to be potential reviewers. |
|
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla - and if you have received this in error or have any questions, please drop us a line at cla@fb.com. Thanks! |
|
@mattgoldspink do you think you could squash the commits in one single commit? |
|
Possibly Off-Topic: Is there a way to stop somebody from just visiting the link and messing with your database? |
|
Since your guide uses the --allowInsecureHTTP option, can you include in your guide how to ensure that Heroku does not allow HTTP? Using HTTPS only is incredibly important for the dashboard. |
|
@natanrolnik Sure - let me get that fixed. @drew-gross So I added that flag because when on Heroku the proxy forwards requests over http and hence you end up with.
I'll file a seperate ticket for this, but we should perhaps either add another flag which enables http if the "X-Forwarded-Proto" is https, or extend the existing flag to allow http requests if the "X-Forwarded-Proto" header is set. @noder199 Can you explain a little bit more about what you mean? The example I gave sets up the user/pass in the config ensuring users have to log in. Are you talking about something else? |
|
X-Forwarded-Proto is not safe, any HTTP client could set it and force the server to serve on HTTP thinking it's safe... |
|
@mattgoldspink updated the pull request. |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks! |
|
@mattgoldspink updated the pull request. |
Linking to Codementor.io article. I'm assuming others can provide links to either seperate wiki pages in the project of their own blog posts (similar to how it's done on Parse-Server)
|
@mattgoldspink updated the pull request. |
|
Commit is squashed @flovilmart Agreed - let me open a separate ticket to discuss this on. |
|
Using the --allowInsecureHTTP flag is find if you have SSL termination somewhere earlier in your request handling, and that layer refuses non HTTPS. If you can explain in your guide why it's safe to use in this case, I'd be happy to merge :) |
|
I added my way to get the dashboard running with Heroku .. its up and running fine. #250 |
|
@drew-gross Added an "Important Note" section to the article explaining that in general --allowInsecureHTTP flag shouldn't be set, but in this case it is valid. Also included a link to the open ticket about improving for proxies. Let me know if it needs tweaking. |
parse-dashboard-exampleIf anyone is interested then please check out and give me feedback about my parse-dashboard-example project. It is similar to the parse-server-example. Please check it out at: |
ghost
added
the
|
Closing due to lack of activity |
Also added a new section to the Readme so that other platform setups can be contributed either as Wiki pages or blog posts