Button to dismiss password warning

Luckily the automatic search function prevented me from posting the following question again:

I think this banner should have an option like “I know what I am doing, stop bothering me” or a reference to the advanced settings. Any reason not to do that? Nobody cares to implement doesn’t count, because I might, and I should be able to do this without creating a UI-carcrash :stuck_out_tongue:

I think my scenario is common enough: I want to expose the Syncthing instance on a homeserver to the home network. All data is accessible on this network anyway, so a password is pointless.

I wouldn’t mind, but @calmh needs to bless it too because maybe he didn’t add it there in the first place for reason.

I do not want this to be a “yeah, whatevs, I’ll deal with it later” clicks dismiss, forgets all about it kind of thing. I’d be fine with there being a link to the relevant documentation article, explaining the trade offs involved and the magic incantation to tone it down (at the bottom).

2 Likes

You could overcome this with a reverse proxy that does the Basic auth for you. You then connect to the reverse proxy and you’ll transparently connect without a password, but syncthing will think you have one set and not bother you.

I was surprised enough that you can even set up syncthing without a password in the first place. Just save the password in your browsers if you want to bypass it easily. Like Jakob says, it’s highly likely this will just result in loads of users exposing loads of their data.

I think a good compromise for power users who “really know what they’re doing” would be an advanced config directive that they have to set in the settings GUI but NOT via the warning message.

There is an advanced option “insecure admin access” that removes the big red warning. What remains is a once-at-startup reminder that this option is set, which is dismissable.

1 Like

I bet I guess who you think about :joy: