Hacker News new | past | comments | ask | show | jobs | submit login

So now your authentication logic lives in your Nginx config, a rather odd language with it's own fair share of quirks. That's not great and it's not where the logic conceptually fits.



You generally setup the reverse proxy to pass the required information to the backend via some trusted mechanism (e.g. HTTP headers not settable through client requests).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: