git » chasquid » commit f137702

trace: Remove restriction on tracing pages

author Alberto Bertogli
2021-06-11 22:29:52 UTC
committer Alberto Bertogli
2021-06-11 22:29:52 UTC
parent cfe0e48c0a42bdb08c3caa563ed4d8022ffd88b3
trace: Remove restriction on tracing pages

By default, golang.org/x/net/trace currently only allows the tracing
pages to be seen from localhost.

This restriction can be confusing for people accessing the monitoring
server remotely, and adds no value in our environment.

The monitoring server already exports very sensitive information, and
must be enabled with care, and is not on by default. This is well
documented.

This patch removes the restriction, making all the monitoring pages
equally accessible.
internal/trace/trace.go +10 -0 
diff --git a/internal/trace/trace.go b/internal/trace/trace.go
index 84880c9..8dc9411 100644
--- a/internal/trace/trace.go
+++ b/internal/trace/trace.go
@@ -3,6 +3,7 @@ package trace
 
 import (
 	"fmt"
+	"net/http"
 	"strconv"
 
 	"blitiri.com.ar/go/log"
@@ -10,6 +11,15 @@ import (
 	nettrace "golang.org/x/net/trace"
 )
 
+func init() {
+	// golang.org/x/net/trace has its own authorization which by default only
+	// allows localhost. This can be confusing and limiting in environments
+	// which access the monitoring server remotely.
+	nettrace.AuthRequest = func(req *http.Request) (any, sensitive bool) {
+		return true, true
+	}
+}
+
 // A Trace represents an active request.
 type Trace struct {
 	family string