Skip to content

Server reliability, performance and security improvments#2061

Merged
lissy93 merged 16 commits into
masterfrom
fix/server-fixes
Apr 12, 2026
Merged

Server reliability, performance and security improvments#2061
lissy93 merged 16 commits into
masterfrom
fix/server-fixes

Conversation

@lissy93
Copy link
Copy Markdown
Owner

@lissy93 lissy93 commented Apr 12, 2026
edited
Loading

Category

Bug fix + Improvments for robustness/reliability, security and performance of the server endpoints.

Overview

I went through all issues where users reported server crashes or restart loops. Each case which this could ever happen should now be gracefully handled, to prevent the Docker container from unexpectidly crashing.

Robustness
Security
  • Max response size of (10MB) for proxy
  • Tightened allowed filenames for subconfigs
  • Adds timeouts to CORS + status checks endpoints
  • Enforces max write config size of 256kb
  • Blocks non-HTTP(S) schemas for cors proxy
  • Disallows calls to dangerous ranges
Tests
  • Adds missing tests for the sever-side endpoints
  • Slightly extends the docker smoke tests to check endpoint response

Config changes

Nothing really, except there's a new DANGEROUSLY_DISABLE_PROXY_RESTRICTIONS which if set will let you turn off all the newly implemented security safeguards (they're on by default).

lissy93 added 7 commits April 11, 2026 20:35
@lissy93
🐛 Fixes container crash on save-config (#1935, #1945)
0509269
@lissy93
⚡️ Robustness improvments for save-config endpoint
21491bb 
Deeper path validation, collision protection for backups, fixes missing
config field crash, adds check for file size, improved security of
filename allow regex
@lissy93
⚡ Robustness improvments to cors-proxy
be9b6b1 
Adds a timeout to prevent ever lasting requests, surrounds JSON parse with try catch when header missing uses a 400 status code instead of 500 and fixes the error messaging for this
@lissy93
🥅 Catch any remaining unhandled rejection (#1945, #1935, #1494)
16f589b
@lissy93
🔐 Restrict host and prototocol for cors proxy
0c09a81
@lissy93
⚡ Adds timeout to status check
92aa1ba
@lissy93
⚡ Ensure each server request always ends safly/no crash
4b0e40f
@netlify
Copy link
Copy Markdown

netlify Bot commented Apr 12, 2026
edited
Loading

Deploy Preview for dashy-dev ready!

Name Link
🔨 Latest commit a076838
🔍 Latest deploy log https://app.netlify.com/projects/dashy-dev/deploys/69dbf03283302e000833c1f1
😎 Deploy Preview https://deploy-preview-2061--dashy-dev.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@lissy93 lissy93 merged commit 2628259 into master Apr 12, 2026
9 checks passed
@lissy93 lissy93 deleted the fix/server-fixes branch April 12, 2026 19:28
This was referenced Apr 12, 2026
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

1 participant

@lissy93