From 19bfd5e46c6f9d934c50da893120ceeae5b017ea Mon Sep 17 00:00:00 2001 From: simon987 Date: Tue, 3 Mar 2020 08:28:16 -0500 Subject: [PATCH] note known limitations --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index a9e3de9..53452f5 100644 --- a/README.md +++ b/README.md @@ -84,3 +84,10 @@ These steps have to be performed on machine with compatible configuration (same ./build.sh ``` 4. The dynamic module can be found at `${NGINX_PATH}/objs/ngx_http_js_challenge_module.so` + + + +### Known limitations / TODO + +* Users with cookies disabled will be stuck in an infinite refresh loop (TODO: redirect with a known query param, if no cookie is specified but the query arg is set, display an error page) +* If nginx is behind a reverse proxy/load balancer, the same challenge will be sent to different users and/or the response cookie will be invalidated when the user is re-routed to another server. (TODO: use the x-real-ip header when available)