Skip to content
This repository has been archived by the owner on Jan 7, 2018. It is now read-only.

Commit

Permalink
Add tooltips on API key restriction usage (IPs & referers).
Browse files Browse the repository at this point in the history
  • Loading branch information
@GUI
GUI committed Aug 13, 2015
1 parent 3afb7bb commit 45c9348
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 2 deletions.
3 changes: 2 additions & 1 deletion app/assets/javascripts/admin/templates/apis/settings_allowed_ips_fields.hbs
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
{{input allowedIpsString as='text'
class='row-fluid'
label='Restrict Access to IPs'
labelTranslation='mongoid.attributes.api/settings.allowed_ips'
tooltipTranslation='admin.api.settings.allowed_ips_tooltip_markdown'
placeholder='10.0.0.0/8'
inputConfig='class:span12'}}
3 changes: 2 additions & 1 deletion app/assets/javascripts/admin/templates/apis/settings_allowed_referers_fields.hbs
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
{{input allowedReferersString as='text'
class='row-fluid'
label='Restrict Access to HTTP Referers'
labelTranslation='mongoid.attributes.api/settings.allowed_referers'
tooltipTranslation='admin.api.settings.allowed_referers_tooltip_markdown'
placeholder='*.example.com/*'
inputConfig='class:span12'}}
12 changes: 12 additions & 0 deletions config/locales/en.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -258,6 +258,18 @@ en:
code: OVER_RATE_LIMIT
message: You have exceeded your rate limit. Try again later or contact us at {{contactUrl}} for assistance
```
allowed_ips_tooltip_markdown: |-
Restrict this API key so that it may only be used from the specified IP addresses.
Single IP addresses may be given (`10.20.30.40`) or IP ranges may be given in CIDR notation (`10.0.0.0/8`).
Multiple IP addresses can be allowed by entering each one on a new line.
allowed_referers_tooltip_markdown: |-
Restrict this API key so that it may only be used when the specified URLs are present in the `Referer` HTTP header. This can be used to prevent an API key from being reused on other client-side web applications that don't match this URL (but note that this does not prevent server-side reuse where the referer could be forged).
A full URL may be given (`https://example.com/foo`), or wildcards can be used (`*.example.com/*`).
Multiple referers can be allowed by entering each one on a new line.
sub_settings:
legend: Sub-URL Request Settings
note: Change settings for specific sub-URLs within this API.
Expand Down

0 comments on commit 45c9348

Please sign in to comment.