Has anybody tried to hide the direct api access behind a nginx reverse proxy url?
On 10/18/18 1:19 AM, Abhilash Raj wrote:
On Wed, Oct 17, 2018, at 10:39 AM, Hagen Bauer wrote:
Hi,
I am running a static website with jekyll and I want to integrate a form that executes a subscription rest api call to mailman.
From my first investigation this seems to be a bad idea from a security perspective (rest api needs manager access).
I agree, you should never be exposing your Mailman Core's API to the Internet, because it is an administrative API.
To be able to do that entirely in front-end, you may even have to expose the password in front, which is definitely not a good idea.
Is there a secure way to do this? Any other ideas?
One thing you could do is have a mailto:listname-join@domain.com URL in your site, that your subscribers can use to send an email to subscribe. You might be able to embed our web frontend in an Iframe or something, I don't have any experience doing that or am not even sure if that'll work.