/metrics endpoint exposed #52
Assignees
Labels
tracked
Issue is tracked in 1Password's internal ticketing system as well.
Comments
|
Hey @lothardp! I can confirm that the I'll discuss this with our team internally and update the issue shortly. Thanks for bringing this to our attention. |
|
We are discussing internally and working on a solution for this. Thanks again for filing the issue! In the meantime, (if possible) you might consider restricting public traffic to the data endpoints you require. |
ag-adampike
added
the
tracked
|
You're welcome, and thank you for your quick responses and the tip. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have a connect server deployed in a different cloud service than my main app, so I am using Lets Encript to protect the communication from my app to the 1password connect server. I noticed that the
/metricsendpoint in the server is publicly available, and it responds with information about the server. I am not sure if you (at 1Password) are aware of this, I don't think this is sensible information but I think it would be better if it wasn't public.The text was updated successfully, but these errors were encountered: