diff --git a/README.md b/README.md index 52a39ae..791f736 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ module.exports = withPlugins([ ### When controlling by IP -Control by IP of access source (x-forwarded-for). +Control by IP of request source (x-forwarded-for). Specify the IPs to be allowed as a string or an array of strings, which can be written in CIDR format. ```js @@ -89,12 +89,19 @@ const withFortress = require('next-fortress')({ { inspectBy: 'ip', ips: ['11.22.33.0/24', '111.222.0.0/16'], // It can be written in CIDR format. + failSafe: true, // See description below. // ...controlMode } ] }) ``` +It uses `x-forwarded-for` to get the IP of the requestor. Therefore, it is not possible to control by IP in the development environment. +You can use `failSafe` to control whether the request is controlled or passed through in the case that such an IP could not be gotten. +- `failSafe?: boolean`: The default value is `process.env.NODE_ENV === 'production'`. + - `true`: If it fails to get the IP, it must control the request according to the control mode. + - `false`: If it fails to get the IP, the request will be passed through. + #### Redirect ```js const withFortress = require('next-fortress')({ @@ -113,7 +120,7 @@ const withFortress = require('next-fortress')({ }) ``` -#### Access Block +#### Request Block ```js const withFortress = require('next-fortress')({ forts: [ @@ -173,7 +180,7 @@ const withFortress = require('next-fortress')({ **Control Mode** - `redirect`: See [Redirect](#redirect) -- `block`: See [Access Block](#access-block) +- `block`: See [Request Block](#request-block) - `rewrite`: See [Rewrite](#rewrite) Put useFortressWithFirebase in your page/_app.jsx. @@ -211,7 +218,7 @@ const withFortress = require('next-fortress')({ **Control Mode** - `redirect`: See [Redirect](#redirect) -- `block`: See [Access Block](#access-block) +- `block`: See [Request Block](#request-block) - `rewrite`: See [Rewrite](#rewrite) Add `ssr: true` to the client side `Amplify.configure`. @@ -243,7 +250,7 @@ const withFortress = require('next-fortress')({ **Control Mode** - `redirect`: See [Redirect](#redirect) -- `block`: See [Access Block](#access-block) +- `block`: See [Request Block](#request-block) - `rewrite`: See [Rewrite](#rewrite) --- @@ -307,7 +314,7 @@ const withFortress = require('next-fortress')({ ## :construction: Caution -**Please do not use `next/link` to generate links to pages subject to access control.** +**Please do not use `next/link` to generate links to pages you want to control access to.** The link tag generated by `next/link` will request the target page for a js file when clicked. Unfortunately, it is not possible to control access to that URL.