Open mfulz opened 1 year ago
Hi, do you have the VideoJS plugin installed in your Piwigo?
Hi, sorry for the late reply. Yes, I've installed that plugin. The problem is that the mobile app seems to ignore the session handling and wants to use only the direct link to the file over the http server.
That would be a no-go, as it would completely disable the authorization handling by allowing the direct links in the http server.
Not sure I understand your workarounds, I'm a rookie in server configurations. Are you saying that I'm not going for the right URL? Or is it more of a server-side issue?
OK, let me try to explain. This is how a download is done from the web interface: https://domain/action.php?id=27&part=e&download
This is what is called from the app: https://domain/upload/2022/10/22/20221022031035-670f3650.mp4
The issue is that allowing the direct file path from the webserver would lead to bypassing the whole authentication / authorization, as anyone who knows the link (bruteforcing would be way too easy here) can access the files.
That leads to videos not being usable at all from the mobile app. The same problem occurs for the web application when trying to play a video, but at least it works when downloading.
Let me know if you need more explanation.
Edit: this is the part (at least for nginx) of the server configuration I'm talking about:
location ~ ^/(_data/logs|upload)/ { deny all; }
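An added example, not part of the thread or of Piwigo's code: a small audit of an nginx access log that separates direct requests under the protected paths into denied ones (what the mobile app triggers when the rule above is active) and served ones (the rule is missing or not applied on that vhost). It assumes nginx's default "combined" log format; the sample lines, IP addresses and user agents are constructed, and `normalize` only approximates nginx's URI normalization.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Same pattern as the nginx location block quoted in the thread.
PROTECTED = re.compile(r"^/(_data/logs|upload)/")

# nginx "combined" format: ip - user [time] "METHOD target PROTO" status bytes ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def normalize(target):
    """Approximate nginx normalization: drop query, decode, squeeze slashes, resolve dots."""
    path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0]))
    clean = posixpath.normpath(path)
    return clean + "/" if path.endswith("/") and clean != "/" else clean

def audit(lines):
    """Split direct hits on protected paths into served (status < 400) and denied."""
    served, denied = [], Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        path = normalize(target)
        if not PROTECTED.match(path):
            continue  # e.g. /action.php, which goes through Piwigo's own checks
        if status < 400:
            served.append((ip, path, status))  # file left nginx without a session check
        else:
            denied[ip] += 1
    return served, denied

# Constructed sample lines; IPs are documentation addresses, paths come from the thread.
SAMPLE = [
    '203.0.113.7 - - [22/Oct/2022:03:11:02 +0000] "GET /action.php?id=27&part=e&download HTTP/1.1" 200 1048576 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [22/Oct/2022:03:12:40 +0000] "GET /upload/2022/10/22/20221022031035-670f3650.mp4 HTTP/1.1" 403 162 "-" "MobileApp"',
    '198.51.100.23 - - [22/Oct/2022:03:12:41 +0000] "GET /upload/2022/10/22/20221022031035-670f3650.mp4 HTTP/1.1" 403 162 "-" "MobileApp"',
    # Constructed case: a vhost where the deny rule is not in place.
    '192.0.2.99 - - [22/Oct/2022:03:15:00 +0000] "GET /upload/2022/10/22/20221022031035-670f3650.mp4 HTTP/1.1" 200 1048576 "-" "curl/8.0"',
]

if __name__ == "__main__":
    served, denied = audit(SAMPLE)
    print("served without Piwigo's check:", served)
    print("denied per client:", dict(denied))
```

Any entry in `served` means a file under `/upload/` or `/_data/logs/` was returned by the web server itself, without going through `action.php`.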
Thanks, that helps
Great let me know if I can help you in any way further :)
Hi, I saw there was an issue with downloading video files, making them unplayable. It is fixed, but I don't think it was related to this issue.
I want to reference this issue: https://github.com/Piwigo/Piwigo/issues/1765
It is impossible to download non-picture files in the mobile app without session protection, as the app just wants to access the direct path, which shouldn't be made public.