From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id A4C581F461; Sun, 5 May 2019 21:28:34 +0000 (UTC) Date: Sun, 5 May 2019 21:28:34 +0000 From: Eric Wong To: meta@public-inbox.org Subject: default PSGI middlewares (was: httpd: get rid of Deflater warning) Message-ID: <20190505212834.2ewnijn5risiexhm@whir> References: <20190505204220.30345-1-e@80x24.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190505204220.30345-1-e@80x24.org> List-Id: Now, the ReverseProxy middleware may be invalid (or become less valid) in the future as well: TLS may come to NNTP and we might as well support HTTPS natively while we're at it. I can't drop middlewares by default since it would break existing installations which don't rely on a .psgi config; but there can be options to disable it... (not that I'm a fan of adding more options). Keeping ReverseProxy in the default middleware stack along with the existing warning would probably be the right thing to do. Worst case somebody malicious could do is change logging of IP addresses. Maybe the warning could be silenced if listening on 0.0.0.0:{443,80}