This repository has been archived by the owner on Jun 29, 2024. It is now read-only.
Add custom header (ie: X-Api-Key) to all requests #132
Labels
enhancement
New feature or request
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is your feature request related to a problem? Please describe.
Paperless isn’t supposed to be exposed to the web without authentication. A popular choice is authelia or authentik, which send a user to a login page, possibly with MFA, and then sends a user through. This is called ForwardAuth.
Describe the solution you'd like
A common workaround is to have a header, X-Api-Key, which bypasses the authentication if it is known. It is a long string which is known only to the client program. Ideally I’d like all http requests to include this header.
Describe alternatives you've considered
Opening IPs, using it locally, using a VPN. This is a popular solution.
mTLS is also a good alternative and is supported by Paperless Mobile (the competing app currently in TestFlight). I’d also support that addition.
Additional context
As an example, a similar approach: https://www.reddit.com/r/LunaSeaApp/comments/uogs1u/radarr_behind_authelia/i8gedxk/
The text was updated successfully, but these errors were encountered: