Closed plorenz-etes closed 1 year ago
Hello @plorenz-etes , are you using this environment variable? ALLOWED_ACCESS_TO_RESTAPI
In that case you are correct and we should be less restrictive with that endpoint. I'll fix it and create a beta docker image for your deployment
@plorenz-etes
Here is the commit: https://github.com/OpenVidu/openvidu/commit/94bb69c4185335b4da917dc3808e9562de4d071a
And here is the docker image: openvidu/openvidu-proxy:2.27.0-beta1
Could you check it?
Hi @cruizba , thank you for providing a test image. I can confirm it's working great.
We are indeed using ALLOWED_ACCESS_TO_RESTAPI.
Nice! The next version will have this bug fixed. For now, use 2.27.0-beta1
Describe the bug
We have published our self-developed OpenVidu app which now includes the OpenVidu virtual background feature. However, many customers reported that the virtual background wouldn't work. After some investigation, we could actually find out that OpenVidu rejects downloading the /openvidu/virtual-background/openvidu-virtual-background.js file with HTTP error 403 (forbidden).
Expected behavior
When activating the virtual background, the mentioned JS file should be downloaded and the background should initialize.
Wrong current behavior
Access to /openvidu/virtual-background/openvidu-virtual-background.js is blocked for most IPs. See below for a detailed investigation of the issue.
OpenVidu tutorial where to replicate the error
Important: This is not reproducible with demo.openvidu.io, although I'm not quite sure why (maybe this works without openvidu-proxy).
OpenVidu deployment info
Client device info (if applicable)
This issue affects any client device.
Screenshots
This is a screenshot of a customer who was affected by this issue. Please note: while our customer couldn't even open the shown URL manually in her browser, we could access it because our IPs are whitelisted for API access:
Additional context
We found out that openvidu-proxy contains the nginx config default_nginx_conf/global/pro/new_api_pro.conf. There, the following location is defined:
This basically means that only IP addresses with API access are allowed to receive content from /openvidu/virtual-background. In my opinion, this block should be replaced with: