From f44fc4b85be5d6f6569edeb332c8e2770a39d1cd Mon Sep 17 00:00:00 2001
From: Eric Callahan
Date: Mon, 22 Jan 2024 12:42:25 -0500
Subject: [PATCH] docs: update changelog and add note about trusted domains
Signed-off-by: Eric Callahan
---
 docs/changelog.md | 1 +
 docs/configuration.md | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/docs/changelog.md b/docs/changelog.md
index 08ae431..faad5f6 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -46,6 +46,7 @@ The format is based on [Keep a Changelog].
 - **klippy_connection**: Fixed a race condition that can result in skipped subscription updates.
 - **configheler**: Fixed inline comment parsing.
+- **authorization**: Fixed blocking call to `socket.getfqdn()`
 ### Changed
diff --git a/docs/configuration.md b/docs/configuration.md
index b3bbb4c..c6efda9 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -469,8 +469,8 @@ trusted_clients:
 # must be expressed in CIDR notation (see http://ip.sb/cidr for more info).
 # For example, an entry of 192.168.1.0/24 will authorize IPs in the range of
 # 192.168.1.1 - 192.168.1.254. Note that when specifying IPv4 ranges the
-# last segment of the ip address must be 0. The default is no clients are
-# trusted.
+# last segment of the ip address must be 0. The default is no IPs or
+# domains are trusted.
 cors_domains:
 http://klipper-printer.local
 http://second-printer.local:7125
@@ -498,6 +498,14 @@ default_source: moonraker
 # "moonraker" The default is "moonraker".
 ```
+!!! Tip
+ When configuring the `trusted_clients` option it is generally recommended
+ to stick with IP ranges and avoid including domain names. When attempting to
+ authenticate a request against a domain name Moonraker must perform a DNS
+ lookup. If the DNS service is not available then authentication will fail
+ and an error will be returned. In addition, DNS lookups will introduce delay
+ in the response.
+
 ### `[ldap]`
 The `ldap` module may be used by `[authorization]` to perform user