TheMeanCanEHdian
commented
3 years ago I am expecting to have a test build with header support available in the coming days. If anyone is interested in helping to test please DM me on Discord with your platform (iOS/Android) and the email you use for either TestFlight or Google Play.
Is your feature request related to a problem? Please describe. I have Tautulli behind Organizr and its authentication method via NGINX. This requires users to authenticate against Organizr prior to being able to access the Tautulli endpoint, creating a hurdle for Tautulli Remote to access it. While it is possible to open up Tautulli's API endpoint only, this does create a hole in the system, especially if users have Fail2Ban and 2FA running on the Organizr authentication -- these security features would have to be bypassed for Tautulli's API.
Describe the solution you'd like Lunasea solved this issue with Custom Header support. Basically, you allow users to define a header name and value, and let these be sent alongside all requests to the Tautulli server. This is flexible enough that it could be used in scenarios other than Organizr like Authelia or even basic auth. NZB360 is planning this feature as well.
Describe alternatives you've considered Swift mentioned a way to modify the auth_request for Organizr to accept the API as a url parameter, but this can possibly break other applications. You can also remove auth_request on the Tautulli
/apiendpoint specifically. This is somewhat reasonable, but it requires users to modify their reverse proxies and opens up a hole in the security. As such, if I can run fail2ban on Tautulli directly, the negatives are fairly minimal, but figured I would ask regarding this feature first.