On Wed, Oct 17, 2018, at 11:09 PM, Hagen Bauer wrote:
Has anybody tried to hide the direct api access behind a nginx reverse proxy url?
That would still need authentication right? Even behind nginx proxy.
Where do you plan to keep that secret when using a static website?
On 10/18/18 1:19 AM, Abhilash Raj wrote:
On Wed, Oct 17, 2018, at 10:39 AM, Hagen Bauer wrote:
Hi,
I am running a static website with jekyll and I want to integrate a form that executes a subription rest api call to mailman.
From my first investigation this seems to be a bad idea from a security perspective (rest api needs managaer access).
I agree, you should never be exposing your Mailman Core's API to Internet, because it is an administrative API.
To be able to do that entirely in front-end, you may even have to expose the password in front, which is definitely not a good idea.
Is there a secure way to do this? Any other ideas?
One thing you could do is have
mailto:listname-join@domain.comURL in your site, that your subscribers can use to send an email to subscribe.You might be able to embed our web frontend in an Iframe or something, I don't have any experience doing that or am not even sure if that'll work.
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
-- thanks, Abhilash Raj (maxking)