View more context

 

mike_henden

Yep, that’s the template it’s using. How can I make the rest of the site ‘behave’? Need to dropdown second level nav on all pages, not just one! 😁

CptPillow

Hi Everyone. I am trying to filter a view on multiple different select fields and busy looking for a library to take care of most of the logic. has anyone got an preference? Edit: Found something that works quite nice. https://codepen.io/VisualHarmony/pen/GBqQYp

halles

Well, update. It was as simple as setting SS_TRUSTED_PROXY_IPS to *

madman

Hey @halles, I was scrolling backhistory and saw this. Just wanted to say - be very careful using * for this. It allows for weird edge case issues - like if attackers can person-in-the-middle a wifi connection for example, they can make the site appear to be https for a user when it’s actually http and session cookies etc are sent in the clear

madman

If you set * you need to make sure that only your load balancer or WAF can access your site directly (e.g. IP whitelist your site to only allow the WAF IPs access). Alternatively, set it to a list of IP addresses that you know are allowable upstream proxies (e.g. your WAF IP ranges), any other IP that hits the site won’t be trusted - they can still access the site but we won’t infer anything from the headers the browser sends

halles

Yeah, I ended up adding only the appropriate IPs. There’s only one env that has * but it’s just used as a sandbox, has no content I could be concerned with

halles

Every other default was working as expected

Mo

Ugh, when you are asked to take over support of a site built in Wordpress

Mo

then you look at the functionality and go "Why was this built in Wordpress"?