From 36a72f013a2cd1ec8eacea9a92928e06c38daba5 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Fri, 10 Apr 2026 16:43:41 +0700
Subject: [PATCH] server: document lack of built-in authentication on Server type
---
 checker/server.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/checker/server.go b/checker/server.go
index 6065fbd..c036b07 100644
--- a/checker/server.go
+++ b/checker/server.go
@@ -33,6 +33,10 @@ const maxRequestBodySize = 1 << 20
 // CheckerDefinitionProvider, it also exposes /definition and /evaluate.
 // If the provider implements CheckerHTMLReporter or CheckerMetricsReporter,
 // it also exposes /report.
+//
+// Security: Server does not perform any authentication or authorization.
+// It is intended to be run behind a reverse proxy or in a trusted network
+// where access control is handled externally (e.g. by the happyDomain server).
 type Server struct {
 provider ObservationProvider
 definition *CheckerDefinition
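Review bot: The new Security paragraph on Server states the trust assumption but leaves the operator without a concrete deployment rule: it does not say that every registered route, including the conditional /definition, /evaluate and /report listed just above it, is served to any client that can connect. I would add one more line such as `// Bind the listener to a loopback or private address; all routes, including /evaluate and /report, are served to any client that can connect.` It would also help to put a short pointer to this paragraph on whichever exported function starts the listener, since that is where the address is chosen. That function is not visible in this hunk, and the Server struct body continues past the hunk's last line.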