feat: add captive portal (zero-trust proxy) authentication support#695
Open
jerzykrlk wants to merge 1 commit into
Open
feat: add captive portal (zero-trust proxy) authentication support#695jerzykrlk wants to merge 1 commit into
jerzykrlk wants to merge 1 commit into
Conversation
Detect when the server is behind a zero-trust proxy (Cloudflare Access, Authelia, etc.) and present an embedded browser for authentication. Cookies are persisted and forwarded to all request paths including audio streaming. Session is cleared on explicit logout but preserved on token expiry for seamless re-authentication.
Owner
|
First of all thank you for providing PRs. |
Author
|
Hello @BLeeEZ , thanks for the reply! I didn't think of that before, apologies. I'll find something suitable and get back to you. |
|
@jerzykrlk I'd love to see this PR merged, so if there's anything I can do to help with testing (eg. I could set up a sample Navidrome instance behind a CF Zero Trust tunnel for @BLeeEZ) - please let me know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hello all,
This MR detects when the server is behind a zero-trust proxy (Cloudflare Access, Authelia, etc.) and present an embedded browser for authentication.
Cookies are persisted and forwarded to all request paths including audio streaming. Session is cleared on explicit logout but preserved on token expiry for seamless re-authentication.
It's slightly related to #694 - I just thought it would be useful for those who don't want to generate a private key.
Thanks!