From 3a3b6ac137a5588d141c086f82e19a690ebb71a0 Mon Sep 17 00:00:00 2001
From: Haoxuan <hhx.xxm@gmail.com>
Date: Wed, 9 Oct 2024 15:20:22 +0800
Subject: [PATCH] docs(request-debug): add special note for loopback debug
 requests not requiring token (#13697)

Add a special note for `kong.conf.default` to mention that request debug is not authenticated with X-Request-Debug-Token when requests are originating from loopback.

KAG-5418
---
 kong.conf.default | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/kong.conf.default b/kong.conf.default
index 447efb3c0a67..37af25498a01 100644
--- a/kong.conf.default
+++ b/kong.conf.default
@@ -2264,8 +2264,11 @@
                                  #
                                  # - `X-Kong-Request-Debug-Token`:
                                  #   Token for authenticating the client making the debug
-                                 #   request to prevent abuse. Debug requests originating from loopback
-                                 #   addresses do not require this header.
+                                 #   request to prevent abuse.
+                                 #   ** Note: Debug requests originating from loopback
+                                 #   addresses do not require this header. Deploying Kong behind
+                                 #   other proxies may result in exposing the debug interface to
+                                 #   the public.**
                                  #
 #request_debug_token = <random>  # The Request Debug Token is used in the
                                  # `X-Kong-Request-Debug-Token` header to prevent abuse.