Search Results for

Show / Hide Table of Contents

Security model

Thresh uses a local trust model aligned with normal local LCU HTTPS usage.

Trust boundary

LCU credentials are treated as sensitive.
Thresh intentionally restricts credential use to safe local loopback destinations.
Self-signed certificate handling is intentionally loopback scoped.

HTTP auth destination policy

LcuAuthHandler enforces this destination policy:

Relative request URIs are allowed and rebased to the active lockfile-derived LCU base address.
Absolute request URIs are allowed only when all checks pass:
- HTTPS scheme,
- loopback host (127.0.0.1, ::1, or localhost), and
- active lockfile port.
Any other absolute URI is rejected before credentials are attached and before the inner handler is invoked.

This fail-fast behavior is intentional and is designed to prevent credential leakage to non-local destinations.

Safe usage expectations

Prefer relative LCU paths for routine calls.
Use absolute URIs only when they satisfy the safe destination policy.
Avoid forwarding user-provided absolute URIs into the LCU-authenticated pipeline.
Keep lockfile discovery secure in your runtime environment.