Replies: 2 comments
-
|
I'm open to that, but I don't know how it could be implemented in a simple and easy to understand way. It sounds simple in theory, any request that comes from a particular subnet is given admin privileges. But how do you identify which requests are coming from that subnet? If Clipface is behind a reverse proxy, all requests will be coming from the reverse proxy. In that case you need the reverse proxy to append the original source of the request as a HTTP header. But then you need to be really careful to properly configure the reverse proxy to not forward that header from the original request, or somebody could spoof it and get admin access. I would appreciate your input. |
Beta Was this translation helpful? Give feedback.
-
|
Good point about the reverse proxy... not sure what's the best way to do that. The mentioned other project didn't have a reverse proxy or had one recommended so I guess that made it easier. |
Beta Was this translation helpful? Give feedback.
-
This is not the first "self-hosted streamable" alternative I've been trying, and a different one had an interesting alternative security concept: you could set a subnet (e.g. 192.168.0.0/16) from which all requests are treated as admin, and then any public access from external IPs were only allowed to look at clip deep-links.
I was wondering if you were thinking about adding something like this :)
Beta Was this translation helpful? Give feedback.
All reactions