You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 22, 2020. It is now read-only.
Copy file name to clipboardExpand all lines: README.md
+9-1Lines changed: 9 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -49,12 +49,20 @@ Basic Auth checks against GitHub API. This little piece of software is brought t
49
49
* the JWT Token is valid for 4 hours.
50
50
* After the Token has expired or the cookie is removed you will have to perform Authentication again.
51
51
52
-
### 1.4 Is this really secure?
52
+
### 1.4 Is it really secure?
53
53
54
54
* Basically `gh-pages` URLs are public. But if you use a private repository you can only **guess** the actual URLs.
55
55
* If you create a directory in your `gh-pages` branch which is called e.g. `086e41eb6ff7a50ad33ad742dbaa2e70b75740c4950fd5bbbdc71981e6fe88e3` and proxy to this dir, it will be secure as long as no one knows **obfuscator** (you should keep it secret).
56
56
* You proxy to https (TLS) so no man in the middle attack could get a hold of the obfuscator.
57
57
58
+
### 1.5 Is it fast?
59
+
60
+
* The short answer is: meeeeh
61
+
* Currently there is no real good proxy implementation in place that would cache files.
62
+
* So for every GET request you have internal GET calls to github pages whose responses are directly returned to the user.
63
+
* At least the Authentication is fast and optimized via JWT Auth Cookie. That reduces the auth calls on the github API.
0 commit comments