Allow HTTP security options to be set via device settings

[knolleary]

Description

As a: flow creator

I want to: secure http end points served by the device agent

So that: they are secured to the same standard as hosted-instances

---

We can easily provide the basic auth option as that is hardcoded into the settings file. Provided FF Team auth is trickier as it requires oauth bounce to the platform and all the bits that entails. Need to think about how to achieve that securely when the device is running outside the security boundary of the platform

Acceptance Criteria

• Able to secure dashboard/http end points served by the device

Requested By

• https://app-eu1.hubspot.com/contacts/26586079/record/0-1/8936601

[robmarcer]

As a first iteration, just being able to do this via the settings file would be valuable.

This has just been requested by - https://app-eu1.hubspot.com/contacts/26586079/record/0-2/12971827644

[knolleary]

We don't expose the settings file for the user to edit.

One quick iteration would be to allow those settings to be set via the device.yml file - the only file we let the user edit.

The bigger iteration is providing a more consistent UX in the platform UI for modifying these settings.

[robmarcer]

Using the device.yml would work in this (https://app-eu1.hubspot.com/contacts/26586079/record/0-2/12971827644) customer's case @knolleary

[joepavitt]

Duplication of: FlowFuse/flowfuse#4204

[Steve-Mcl]

@joepavitt can you clarify the task in this iteration pls?

Nick states:

One quick iteration would be to allow those settings to be set via the device.yml file - the only file we let the user edit.

and

The bigger iteration is providing a more consistent UX in the platform UI for modifying these settings.