[SERVER-9851] Warn if http dependent options are specified (jsonp/rest) Created: 03/Jun/13  Updated: 02/Aug/18  Resolved: 27/Jun/13

Status: Closed
Project: Core Server
Component/s: HTTP Console
Affects Version/s: None
Fix Version/s: 2.5.1

Type: Task Priority: Major - P3
Reporter: Scott Hernandez (Inactive) Assignee: Gregory McKeon (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

If someone tries to start with "rest" or "jsonp" and there is no http support this should be an error and the system should fail to start with an appropriate error message. Currently these options are silently "ignored" (from the users perspective).

The other option would be to turn on the http interface if dependent options are specified, like is done with auth/authKey.

EDITED TO ADD: Also produce warning is -rest/-jsonp is overriden by --nohttpinterface



 Comments   
Comment by Andreas Nilsson [ 27/Jun/13 ]

The following command line combinations will generate warnings for now and errors in the future. Not sure if we want to document it or not.

mongod --nohttpinterface (--rest|--jsonp)
mongod (--rest|--jsonp)

Comment by auto [ 27/Jun/13 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-9851 Warn if http options are specified without --httpinterface
Branch: master
https://github.com/mongodb/mongo/commit/9ae211bbd106570522e99d905b07a06a121186e2

Comment by Scott Hernandez (Inactive) [ 25/Jun/13 ]

Tad, the goal is to both do unsurprising things but also to turn off the http system when possible for security reasons. Making it harder to turn on the http system, without being explicit at all levels, is part of that plan.

Also, our rest isn't really rest. At some point me may deliver a feature more useful, secure and useful but this isn't it, and it may come in an external or optional module – best to address when we get there.

Comment by Tad Marshall [ 25/Jun/13 ]

It seems a little user-unfriendly to require "--httpinterface --rest" to turn on "--rest" and "--httpinterface --jsonp" to turn on "--jsonp".

It is definitely user-unfriendly to silently ignore "--rest" and "--jsonp" when "--httpinterface" has not also been specified.

I think that the "principle of least astonishment" would tell you to enable --httpinterface when a "superset" of that feature is enabled. If the documentation unambiguously describes --rest as enabling "HTTP with REST", for example, this should not cause confusion.

Generated at Thu Feb 08 03:21:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.