Commit aa21fba

Update README.md
1 parent f99d48e commit aa21fba

1 file changed

Lines changed: 3 additions & 2 deletions

README.md

@@ -18,7 +18,7 @@ Securelay works in the following ways:
1818

1919
**CORS:** Allowing CORS is a must. Otherwise, browsers would block client side calls to the API. So securelay server replies with the HEADER- `Access-Control-Allow-Origin: *`
2020

21-
**Futureproof:** The URL(s) of the API endpoint(s) may be found with a GET at https://cdn.jsdelivr.net/gh/securelay/api/endpoints.json courtesy of [jsdelivr](https://www.jsdelivr.com/?docs=gh). This requires storing the list of URLs in JSON format in a endpoints.json file in the https://github.com/securelay/api repository.
21+
**Futureproof:** The URL(s) of the API endpoint(s) may be found with a GET at https://cdn.jsdelivr.net/gh/securelay/api/endpoints.json courtesy of [jsdelivr](https://www.jsdelivr.com/?docs=gh). So it acts as a sort of dynamic DNS. This requires storing the list of URLs in minified JSON format in a endpoints.json file in the https://github.com/securelay/api repository. The format is `[{"<id>":["<url1>","<url2>", ...]}...]` where `<id>` is unique for a database. i.e. if two separate endpoints `url1` and `url2` share the same database, then a POST at `url1` maybe retrieved with a GET at `url2`. so those URLs are interchangeable, may be used for load balancing.
2222

2323
# Security
2424
Security is brought about by the use of dual paths, one private and the other public. Note here that other relay services like [piping-server](https://github.com/nwtgck/piping-server), [http-relay](https://httprelay.io) or [pipeto.me](https://pipeto.me) use the same path for both GET and POST.
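
Review bot: At the added line 21, calling endpoints.json "a sort of dynamic DNS" makes the jsdelivr URL the place where clients learn where to send their data, yet the README does not say what a client should check before using an entry or what it should do when the GET fails. Suggest stating the trust assumption in the text (the list is only as trustworthy as the securelay/api repository and the CDN that serves it) and telling clients to accept only https URLs from it. The format `[{"<id>":["<url1>","<url2>", ...]}...]` would be easier to follow with one concrete sample, since it is not obvious whether each array element carries exactly one `<id>`. Wording: "maybe retrieved" should be "may be retrieved", "so those URLs" starts a sentence in lower case, and "a endpoints.json" should be "an endpoints.json".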
@@ -48,14 +48,15 @@ It also accepts POSTs only if they have Content-Length less than a strict size-l
4848

4949
Another limit is imposed on how long POSTed data persists.
5050

51-
Requests to all private paths are heavily rate-limited, say, at max 1 request per minute.
51+
Requests to all private paths are heavily rate-limited, say, at max 60 requests per minute. After a certain number of 429 responses 403 bans are imposed. [404s are also rate limited](https://github.com/fastify/fastify-rate-limit?tab=readme-ov-file#preventing-guessing-of-urls-through-404s).
5252

5353
# Use cases
5454
- Forms
5555
- Comments
5656
- Chats
5757
- PubSub
5858
- Dynamic Key Value Store
59+
- Dynamic DNS
5960
- Single click URL shortener
6061
- Configuration sharing between microservices
6162
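
Review bot: At the changed line 51, the limit moves from 1 to 60 requests per minute while the sentence still describes private paths as "heavily rate-limited", so the wording no longer matches the number. Suggest either rewording or explaining why 60 per minute is acceptable for private paths, and saying what the limit is counted against (per client, per path, or both). "After a certain number of 429 responses 403 bans are imposed" leaves both the threshold and the ban duration unstated; give the values or say they are configurable. The 404 sentence would read better if it said in words why 404s are limited, rather than relying on the link target alone.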
