highmobility / hm-graphql-auto-api-explorer Goto Github PK

Observation: In AuthController there are at least two occasions where http is being used.

Expectation: do not use http? At least not hard coded this way; if the original request was http by itself, it is understandable, but if not (e.g., because https was used), why suddenly do http?

Observed behavior: when the dashboard is provisioned, authentication might have been enabled (username+password authentication). If this is enabled, one is unable to add a Google Maps API key without first disabling authentication (which also completely removes the username+password). This is rather unfortunate in use cases where the username+password are being provisioned as part of the deployment of the dashboard itself.

Expected behavior: if no Google Maps API key has been entered, it should always be possible to add that. It should not matter if authentication is enabled or not.

This isn't an issue, nevertheless, I just wanted to mention that using this application when deployed behind a reverse proxy (like haproxy or nginx) requires the rewrite of the host header in the configuration of the reverse proxy, for connections towards the backend.

For haproxy: http-request set-header Host "your.fixed.hostname" (see https://www.haproxy.com/documentation/hapee/latest/traffic-routing/rewrites/rewrite-requests/#set-a-header)
For nginx: proxy_set_header Host "your.fixed.hostname"; (see https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header)

You might want to add this to the README.md.