8x48/homepage
1
0
Fork 0
mirror of https://github.com/gethomepage/homepage.git synced 2026-02-07 16:30:52 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

save this

Browse Source 
[ci skip]
This commit is contained in:
shamoon
2026-01-20 21:19:39 -08:00
parent 872a3600aa
commit 0660b91d94
8 changed files with 299 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -68,7 +68,10 @@ For configuration options, examples and more, [please check out the homepage doc
## Security Notice 🔒
Please note that when using features such as widgets, Homepage can access personal information (for example from your home automation system) and Homepage currently does not (and is not planned to) include any authentication layer itself. If Homepage is reachable from any untrusted network, it **must** sit behind a reverse proxy (and/or VPN) that enforces authentication, TLS, and strictly validates Host headers. The built-in host check in Homepage is a best-effort guard and should not be treated as security when exposed publicly.
Please note that when using features such as widgets, Homepage can access personal information (for example from your home automation system). To keep your information private, if Homepage is reachable from any untrusted network, it:
1. **must** sit behind a reverse proxy (and/or VPN) that enforces authentication, TLS, and strictly validates Host headers. OR
2. An optional built-in OIDC login flow is available (opt-in) to gate the app without a reverse proxy; it is a simple “authenticated or not” guard (no per-user roles or personalization).
## With Docker