Description
New Issue Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
- I can reproduce the issue with the latest version of Parse Server.
Issue Description
Parse-server 6.0.0 allow to restrict IPs than can use the MasterKey using the option "masterKeyIps".
The documentation says "Setting ['0.0.0.0/0'] means disabling the filter and the master key can be used from any IP address".
In fact, even localhost is blocked.
Steps to reproduce
Juste install and configure Parse-Server v6 with the last Parse-Dashboard on your local machine.
Try to launch without the "masterKeyIps" option. Parse dashboard should works well.
Try with masterKeyIps: ['0.0.0.0/0'], after login, Parse Dashboard should display "Server not reachable: unauthorized: master key is required" and the node console should display "error: Request using master key rejected as the request IP address '::1' is not set in Parse Server option 'masterKeyIps'."
Actual Outcome
MasterKey is not usable anywhere with masterKeyIps: ['0.0.0.0/0']
Expected Outcome
MasterKey should be usable everywhere with masterKeyIps: ['0.0.0.0/0']
Environment
parse-server 6.0.0
parse-dashboard 5.0.0
Server
- Parse Server version: 6.0.0
- Operating system: Windows 10
- Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): Local
Database
- System (MongoDB or Postgres): Postgres
- Database version: 15
- Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): Local
Client
- SDK (iOS, Android, JavaScript, PHP, Unity, etc): JS
- SDK version: 4.0.0
Logs
error: Request using master key rejected as the request IP address '::1' is not set in Parse Server option 'masterKeyIps'.
Error: unauthorized: master key is required
at handler (C:\GitProjects\jdm\node_modules\parse-server\src\middlewares.js:459:19)
at C:\GitProjects\jdm\node_modules\parse-server\src\PromiseRouter.js:72:20
at processTicksAndRejections (node:internal/process/task_queues:95:5)