Is your feature request related to a problem? Please describe.
I want to reduce the attack surface for my self-hosted setup, so I generally use an authentication middleware on-top of the normal login feature of the app I'm hosting. So before any request hits the app it has already passed an auth layer (of an implementation specialist in this).
The consequence is that if I want to use anything else than a web browser to access my services the app needs to support this type of double auth. The easiest way to do this is to pass a custom header with the additional secret on each request.
Describe the solution you'd like
It would be great if during server setup there would be (a toggleable) advanced options menu, where the custom header name and value could be specified. Like this it should be flexible enough to allow for different setups. For example the Cloudflare tunnel auth "bypass".
Describe alternatives you've considered
- Using a VPN to only have trusted traffic, requires additional setup and is less accessible for potential other users of the instance
- using mTLS, same considerations to the first point
Additional context
The same/similar request for Lissen GrakovNe/lissen-android#25
P.S.: Thanks for developing this app!
Is your feature request related to a problem? Please describe.
I want to reduce the attack surface for my self-hosted setup, so I generally use an authentication middleware on-top of the normal login feature of the app I'm hosting. So before any request hits the app it has already passed an auth layer (of an implementation specialist in this).
The consequence is that if I want to use anything else than a web browser to access my services the app needs to support this type of double auth. The easiest way to do this is to pass a custom header with the additional secret on each request.
Describe the solution you'd like
It would be great if during server setup there would be (a toggleable) advanced options menu, where the custom header name and value could be specified. Like this it should be flexible enough to allow for different setups. For example the Cloudflare tunnel auth "bypass".
Describe alternatives you've considered
Additional context
The same/similar request for Lissen GrakovNe/lissen-android#25
P.S.: Thanks for developing this app!