harden updatecenter public route methods

2026-06-18 10:37:53 -05:00
parent 4b58b0ca5f
commit 14195e5da7
4 changed files with 19 additions and 4 deletions
--- a/apps/fc-updater/README.md
+++ b/apps/fc-updater/README.md
@@ -43,5 +43,6 @@ shared origin cert must exist in every namespace that serves a
 ```powershell
 kubectl.exe --kubeconfig C:\Users\AndrewStoltz\.kube\rke2.yaml -n argocd get application infra-fc-updater
 kubectl.exe --kubeconfig C:\Users\AndrewStoltz\.kube\rke2.yaml -n fc-updater get deploy,svc,ingressroute,certificate,pvc
-curl.exe -sk https://update.flowercore.io/api/v1/manifests/_schema
+curl.exe -sk https://update.flowercore.io/
+curl.exe -sk -o NUL -w "%{http_code}`n" https://update.flowercore.io/login
 ```
--- a/apps/fc-updater/fc-updater.yaml
+++ b/apps/fc-updater/fc-updater.yaml
@@ -266,7 +266,7 @@ spec:
  entryPoints:
    - websecure
  routes:
-    - match: (Host(`update.flowercore.io`) || Host(`updates.flowercore.io`)) && (Method(`GET`) || Method(`HEAD`) || Method(`POST`) || Method(`OPTIONS`))
+    - match: (Host(`update.flowercore.io`) || Host(`updates.flowercore.io`)) && (Method(`GET`) || Method(`HEAD`))
      kind: Rule
      services:
        - name: updatecenter-web