documented `UPTIME_KUMA_WS_ORIGIN_CHECK` (#72)

Frank Elsinga 2023-12-11 02:03:48 +01:00 committed by GitHub
parent 754e153543
commit 553ff6523f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions

@ -22,6 +22,7 @@ node server/server.js --host=127.0.0.1 --port=8080
| `UPTIME_KUMA_SSL_KEY_PASSPHRASE` or `SSL_KEY_PASSPHRASE` | `--ssl-key-passphrase=` | (1.21.1) SSL Key Passphrase | |
| `UPTIME_KUMA_CLOUDFLARED_TOKEN` | `--cloudflared-token=` | (1.14.0) Cloudflare Tunnel Token | |
| `UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN` | `--disable-frame-sameorigin=` | By default, Uptime Kuma is not allowed in iframe if the domain name is not the same as the parent. It protects your Uptime Kuma to be a phishing website. If you don't need this protection, you can set it to `true` | `false` |
| `UPTIME_KUMA_WS_ORIGIN_CHECK` | | By default, Uptime Kuma is verifying that the websockets [`ORIGIN`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin)-Header matches your servers hostname. If you don't need this protection, you can set it to `bypass`. See [GHSA-mj22-23ff-2hrr](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-mj22-23ff-2hrr) for further context. | `cors-like` |
| `UPTIME_KUMA_ALLOW_ALL_CHROME_EXEC` | `--allow-all-chrome-exec=` | (1.23.0) Allow to specify any executables as Chromium | `0` |
| `NODE_EXTRA_CA_CERTS` | | Add your self-signed ca certs. (e.g. /cert/path/CAcert.pem) [Read more](https://github.com/louislam/uptime-kuma/issues/1380) | |
| `NODE_TLS_REJECT_UNAUTHORIZED` | | Ignore all TLS errors | `0` |