andpp/mopidy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

http: Doc security considerations

Browse Source
This commit is contained in:
Stein Magnus Jodal 2012-11-28 15:21:13 +01:00
parent 37164c6b04
commit 27291c8fac
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
mopidy/frontends/http/__init__.py
View File

@ -20,6 +20,15 @@ Frontend which lets you control Mopidy through HTTP and WebSockets.
When this frontend is included in :attr:`mopidy.settings.FRONTENDS`, it starts
a web server at the port specified by :attr:`mopidy.settings.HTTP_SERVER_PORT`.
As a simple security measure, the web server is by default only available from
localhost. To make it available from other computers, change
:attr:`mopidy.settings.HTTP_SERVER_HOSTNAME`. Before you do so, note that the
HTTP frontend does not feature any form of user authentication or
authorization. Anyone able to access the web server can use the full core API
of Mopidy. Thus, you probably only want to make the web server available from
your local network or place it behind a web proxy which takes care or user
authentication. You have been warned.
This web server exposes a WebSocket at ``/ws``. The WebSocket gives you access
to Mopidy's full API and enables Mopidy to instantly push events to the client,
as they happen.