As mentioned in https://github.com/scottlamb/moonfire-nvr/issues/218#issuecomment-1098689618, there's a problem with my 0.7.3 security fix (changelog entry, commit). If the browser URL has a port number (including the out-of-the-box instructions to use port 8080), the live stream will never authenticate properly. Rather than the server accepting the websocket upgrade, it will send back a HTTP 403 with a body like this:
As mentioned in https://github.com/scottlamb/moonfire-nvr/issues/218#issuecomment-1098689618, there's a problem with my 0.7.3 security fix (changelog entry, commit). If the browser URL has a port number (including the out-of-the-box instructions to use port 8080), the live stream will never authenticate properly. Rather than the server accepting the websocket upgrade, it will send back a HTTP 403 with a body like this:
...which the browser UI won't show. It'll just give the classic
ws close: 1006error.