This repository has been archived by the owner on Aug 5, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 148
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
38 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| import { Details, Callout, DocImage } from "@doc"; | ||
| import { createMetadata } from "@doc"; | ||
|
|
||
| export const metadata = createMetadata({ | ||
| title: "Security | thirdweb Engine", | ||
| description: | ||
| "thirdweb Engine provides you with security features to configure and restrict access.", | ||
| }); | ||
|
|
||
| # Security | ||
|
|
||
| Engine provides you with security features to configure and restrict access to sensitive operations. | ||
|
|
||
| ## IP Allowlist | ||
|
|
||
| You can restrict access to your Engine instance by configuring an IP allowlist. This can be configured in the **Configuration** section of the [Engine dashboard](https://thirdweb.com/dashboard/engine/). | ||
| If an IP allowlist is not configured, Engine will allow all incoming requests. | ||
|
|
||
| <Callout variant="info" title="Note"> | ||
| This does not affect calls from the Engine dashboard to your Engine instance. | ||
| </Callout> | ||
|
|
||
| ### Using IP Allowlist with a self-hosted Engine | ||
|
|
||
| If you have engine running on a server behing a reverse proxy, you can set the `TRUST_PROXY` environment variable to `true` to trust the `X-Forwarded-For` header. Reverse proxies like Nginx or Apache will add this header to the request with the original client IP address, and setting this variable will allow Engine to use the correct IP address for the allowlist. | ||
|
|
||
| ```bash name=".env" | ||
| TRUST_PROXY=true | ||
| ``` | ||
|
|
||
| ## Domain Allowlist (CORS) | ||
|
|
||
| You can restrict access to your Engine instance by configuring a domain allowlist. This can be configured in the **Configuration** section of the [Engine dashboard](https://thirdweb.com/dashboard/engine/). | ||
| Multiple domains can be added to the allowlist, and Engine will only accept requests from these domains. A wildcard domain can also be added to allow requests from any domain. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters