Talon/chat_grid
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix media proxy auth origin forwarding

Browse Source
This commit is contained in:
Jage9
2026-03-08 23:04:37 -04:00
parent 19b593b1aa
commit b229e20ae2
4 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
deploy/README.md
View File

@@ -108,7 +108,7 @@ ProxyPassReverse /listen/8000/ http://127.0.0.1:8000/
`deploy/php/media_proxy.php` is copied into your publish directory by `deploy_client.sh`.
When `server/.env` contains `CHGRID_HOST_ORIGIN`, `deploy_client.sh` also generates `media_proxy.config.php` in the publish directory so the proxy can enforce the same origin and validate authenticated sessions without extra Apache-specific config. The generated file derives the local auth-check URL from `server/config.toml`, so custom signaling ports continue to work.
When `server/.env` contains `CHGRID_HOST_ORIGIN`, `deploy_client.sh` also generates `media_proxy.config.php` in the publish directory so the proxy can enforce the same origin and validate authenticated sessions without extra Apache-specific config. The generated file derives the local auth-check URL from `server/config.toml`, so custom signaling ports continue to work, and the proxy reuses `CHGRID_HOST_ORIGIN` for its internal auth check.
If you deploy the PHP proxy some other way, you can still provide `CHGRID_HOST_ORIGIN` directly through your PHP/web-server environment.

5
deploy/php/media_proxy.php
View File

@@ -187,7 +187,7 @@ function load_proxy_session_check_url()
return $value;
}
function require_valid_proxy_session($sessionCheckUrl)
function require_valid_proxy_session($sessionCheckUrl, $allowedOrigin)
{
$cookieHeader = isset($_SERVER['HTTP_COOKIE']) ? trim((string) $_SERVER['HTTP_COOKIE']) : '';
if ($cookieHeader === '') {
@@ -216,6 +216,7 @@ function require_valid_proxy_session($sessionCheckUrl)
array(
'Cookie: ' . $cookieHeader,
'X-Chgrid-Auth-Client: 1',
'Origin: ' . $allowedOrigin,
)
);
@@ -521,7 +522,7 @@ if ($method !== 'GET' && $method !== 'HEAD') {
send_text(405, 'method not allowed');
}
require_valid_proxy_session($sessionCheckUrl);
require_valid_proxy_session($sessionCheckUrl, $allowedOrigin);
$rawUrl = isset($_GET['url']) ? trim((string) $_GET['url']) : '';
if ($rawUrl === '') {