https://supertokens.com/ logo
Join Discord
Powered by
Hi, is there a way to mount the dashboard endpoint...
# support-questions-legacy
i
Hi, is there a way to mount the dashboard endpoint to a separate port with a seperate domain and gateway settings? except the obvious way of creating a separate deployment of our BE service for that purpose?
r
hey @idanto not possible other than what you suggested!
i
thanks
think about adding such option for security purposes 🙂
r
well, we can't really do that, cause all we do is piggy back off of your api setup.
but actually
i
why not? you can duplicate the settings and add ability to mount it to a seperate port
r
if you add another domain pointing to your api layer, you can enforce that the host header in the request is that domain
see this: https://github.com/supertokens/dashboard/blob/master/server/index.ts#L48. There is another override function called shoudlAllowAccess which you can override and check that the request's host is the other domain.
i
I don't see shouldAllowAccess in the link I do see getDashboardBundleLocation which looks like giving me the option to change the location of the dashboard if I understand right
r
getDashboardBundleLocation -> only for specifying where the JS bundle is.
i
the point of doing that is to not mount the dashboard to the API because that increase the attack surface. instead I would like to mount it to a separate port in the service and expose it using a different domain that I can protect using VPN or other layers of security
r
yup, i know. So you can make a separate domain that points to your API layer, and then in the shouldAllowAccess, get the host header of the request and check based on that
so this way, if someone tries to access the dadhboard APIs via your actual api domain, it won't allow it
i
ok, thanks
I think I will still go with a separate deployment in a lower scale
r
sg!
PreviousNext
Powered by