Diffstat (limited to 'weed/command/scaffold/security.toml')
-rw-r--r--weed/command/scaffold/security.toml7
1 files changed, 7 insertions, 0 deletions
diff --git a/weed/command/scaffold/security.toml b/weed/command/scaffold/security.toml
index 9626ee58c..c5b2a563c 100644
--- a/weed/command/scaffold/security.toml
+++ b/weed/command/scaffold/security.toml
@@ -24,6 +24,13 @@ expires_after_seconds = 10 # seconds
[access]
ui = false
+# by default the filer UI is enabled. This can be a security risk if the filer is exposed to the public
+# and the JWT for reads is not set. If you don't want the public to have access to the objects in your
+# storage, and you haven't set the JWT for reads it is wise to disable access to directory metadata.
+# This disables access to the Filer UI, and will no longer return directory metadata in GET requests.
+[filer.expose_directory_metadata]
+enabled = true
+
# this jwt signing key is read by master and volume server, and it is used for read operations:
# - the Master server generates the JWT, which can be used to read a certain file on a volume server
# - the Volume server validates the JWT on reading
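Review bot: The comment added above `[filer.expose_directory_metadata]` never says which value gives the protection: "This disables access to the Filer UI" has no antecedent, and the line below it ships `enabled = true`, so a reader can take the shipped setting to be the safe one. I would make the last comment line explicit, e.g. `# Set enabled = false to disable the Filer UI and stop returning directory metadata in GET requests.`, and name the exact key that holds the read JWT so the precondition can be checked. The scaffold default also leaves directory listing on for anyone who copies the file unchanged. If that default is kept for backward compatibility, the comment should say so, so that a filer reachable from the public network without a read JWT is a deliberate choice rather than an oversight.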