From c0435fdff469de6046c693ad283f927428fd4910 Mon Sep 17 00:00:00 2001 From: Boaz Yaniv Date: Thu, 20 Jul 2023 23:42:09 +0900 Subject: Add API Keys for fzf --listen (#3374) --- man/man1/fzf.1 | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'man') diff --git a/man/man1/fzf.1 b/man/man1/fzf.1 index 15c8ca6d..34024685 100644 --- a/man/man1/fzf.1 +++ b/man/man1/fzf.1 @@ -772,7 +772,9 @@ Start HTTP server on the given port. It allows external processes to send actions to perform via POST method. If the port number is omitted or given as 0, fzf will choose the port automatically and export it as \fBFZF_PORT\fR environment variable to the child processes started via \fBexecute\fR and -\fBexecute-silent\fR actions. +\fBexecute-silent\fR actions. If \fBFZF_API_KEY\fR environment variable is +set, the server would require sending an API key with the same value in the +\fBx-api-key\fR HTTP header. e.g. \fB# Start HTTP server on port 6266 @@ -781,6 +783,10 @@ e.g. # Send action to the server curl -XPOST localhost:6266 -d 'reload(seq 100)+change-prompt(hundred> )' + # Start HTTP server on port 6266 and send an authenticated action + export FZF_API_KEY="$(head -c 32 /dev/urandom | base64)" + curl -XPOST localhost:6266 -H "x-api-key: $FZF_API_KEY" -d 'change-query(yo)' + # Choose port automatically and export it as $FZF_PORT to the child process fzf --listen --bind 'start:execute-silent:echo $FZF_PORT > /tmp/fzf-port' \fR @@ -800,6 +806,11 @@ this case make sure that the command is POSIX-compliant. .TP .B FZF_DEFAULT_OPTS Default options. e.g. \fBexport FZF_DEFAULT_OPTS="--extended --cycle"\fR +.TP +.B FZF_API_KEY +Can be used to require an API key when using \fB--listen\fR option. If not set, +no authentication will be required by the server. You can set this value if +you need to protect against DNS rebinding and privilege escalation attacks. .SH EXIT STATUS .BR 0 " Normal exit" -- cgit v1.2.3