Skip to content
This repository was archived by the owner on Aug 5, 2024. It is now read-only.

Commit 1a9dd52

Browse files
committed
added security features page
1 parent 375501b commit 1a9dd52

File tree

2 files changed

+38
-0
lines changed

2 files changed

+38
-0
lines changed
Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
import { Details, Callout, DocImage } from "@doc";
2+
import { createMetadata } from "@doc";
3+
4+
export const metadata = createMetadata({
5+
title: "Security | thirdweb Engine",
6+
description:
7+
"thirdweb Engine provides you with security features to configure and restrict access.",
8+
});
9+
10+
# Security
11+
12+
Engine provides you with security features to configure and restrict access to sensitive operations.
13+
14+
## IP Allowlist
15+
16+
You can restrict access to your Engine instance by configuring an IP allowlist. This can be configured in the **Configuration** section of the [Engine dashboard](https://thirdweb.com/dashboard/engine/).
17+
If an IP allowlist is not configured, Engine will allow all incoming requests.
18+
19+
<Callout variant="info" title="Note">
20+
This does not affect calls from the Engine dashboard to your Engine instance.
21+
</Callout>
22+
23+
### Using IP Allowlist with a self-hosted Engine
24+
25+
If you have engine running on a server behing a reverse proxy, you can set the `TRUST_PROXY` environment variable to `true` to trust the `X-Forwarded-For` header. Reverse proxies like Nginx or Apache will add this header to the request with the original client IP address, and setting this variable will allow Engine to use the correct IP address for the allowlist.
26+
27+
```bash name=".env"
28+
TRUST_PROXY=true
29+
```
30+
31+
## Domain Allowlist (CORS)
32+
33+
You can restrict access to your Engine instance by configuring a domain allowlist. This can be configured in the **Configuration** section of the [Engine dashboard](https://thirdweb.com/dashboard/engine/).
34+
Multiple domains can be added to the allowlist, and Engine will only accept requests from these domains. A wildcard domain can also be added to allow requests from any domain.

src/app/engine/sidebar.tsx

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,10 @@ export const sidebar: SideBar = {
6868
name: "Contract Subscriptions",
6969
href: `${engineSlug}/features/contract-subscriptions`,
7070
},
71+
{
72+
name: "Security",
73+
href: `${engineSlug}/features/security`,
74+
},
7175
],
7276
},
7377
{

0 commit comments

Comments
 (0)