Custom HTTP Headers #56
Replies: 4 comments 18 replies
-
|
So these headers would need to be added to every request? Would they need to be added before logging in? This seems pretty simple. I could add the custom header option to the login page and settings page. |
Beta Was this translation helpful? Give feedback.
-
|
Exactly. There is normally an "advanced settings" button directly on the login page (and later in the settings) and the headers are simply added to every request. This way one can create a Cloudlfare Access Policy which permits requests to the origin if the headers are present. |
Beta Was this translation helpful? Give feedback.
-
|
Yea, this feature seems useful. I will see about getting it added this weekend. I will post any updates or questions on this thread. |
Beta Was this translation helpful? Give feedback.
-
|
Here is an example of how this is done in Tautulli, one can add many different headers, simply defining the Header Key and Header Value. It also works for anything, not only Cloudflare, if the Key and Value can be freely defined.
|
Beta Was this translation helpful? Give feedback.
-
|
Quick update, most of the hard work is done, the UI, just have to implement the headers into the Server API. I am getting side tracked now, but hope to have this finished and released I am Beta Testing this now: https://github.com/cssnr/zipline-android/releases/tag/1.0.18-beta.2 PR: #57 ui.mp4 |
Beta Was this translation helpful? Give feedback.
-
|
@nikolanovoselec If you are using GitHub or Obtainium this release, 1.0.18, is live now. https://github.com/cssnr/zipline-android/releases/tag/1.0.18 It may take a few hours to show up on Google Play, and may take longer. |
Beta Was this translation helpful? Give feedback.
-
|
v1.0.18 is now live across the board. I'm off to bed tho, but let me know how it works and I will check in tomorrow. |
Beta Was this translation helpful? Give feedback.
-
|
Good news is the custom headers work, I see incoming requests on the Cloudflare WAF and the headers pass the Cloudflare Access checks. I get failed logins to Zipline, maybe because I have 2FA activated, does the app support this?
|
Beta Was this translation helpful? Give feedback.
-
|
Which 2 factor do you use? Currently it does not support 2 factor. But I can look in that adding this tomorrow. As a work around you should be able to disable 2 factor and log in and then re-enable 2 factor. |
Beta Was this translation helpful? Give feedback.
-
|
I will try that later, now go to sleep. 😜 |
Beta Was this translation helpful? Give feedback.
-
|
Quick update, I added TOTP to the Login. I am working on getting this tested and released now. PR: #58 totp.mp4 |
Beta Was this translation helpful? Give feedback.
-
|
@nikolanovoselec Two-Factor is now Live in version Let me know how it goes... |
Beta Was this translation helpful? Give feedback.
-
|
I had the initial login using TOTP and custom headers succeed, but once closing the tutorial I got kicked back to the login screen. Now I cannot log in again, even after deleting the storage / cache. I get the error you can see on the screenshot.
|
Beta Was this translation helpful? Give feedback.
-
|
That means there was an error parsing the JSON response from the server, at the root. I am pretty sure it is this line throwing: This means the server responded with a 200 response at I will do some brainstorming, in the mean time, can you double check your server version by clicking on the version number in the bottom left?
|
Beta Was this translation helpful? Give feedback.
-
|
I have the latest version.
|
Beta Was this translation helpful? Give feedback.
-
|
Currently I am at a loss. I am using a newer than latest version, but, it was not that simple. Before this version I was not parsing the login response body. If I can't think of anything I will revert that change and/or update the logging. But its bedtime again, so I will sleep on it and cut a new release tomorrow. |
Beta Was this translation helpful? Give feedback.
-
|
I needed to parse the login response to support two-factor, so I took the time to add a debug logging feature i had in the backlog. In v1.0.21 you can enable logging and view the login response code and body (if successful).
If this does not help us, you will have to provide me access to your server so I can debug the issue since I can not reproduce it locally. Again, let me know how it goes, and Ill check back later. |
Beta Was this translation helpful? Give feedback.
-
|
Hey man. Sorry, I totally forgot about this discussion. A few days ago I decided to build an app for Zipline with exactly the features I need and here it is - https://github.com/nikolanovoselec/zipline-native. I decided to go with Flutter, since I keep changing devices and might want to use this on iOS or MacOS at some point (optimized for Android at the moment). Cheers. |
Beta Was this translation helpful? Give feedback.
-
|
That is interesting, I am working on a Flutter app myself: https://github.com/cssnr/tibs3dprints-flutter I am curious however, did you not get the application to work? I can make you a debug build which you can easily view the logs in logcat or android studio. I have also added a bunch more features and a documentation site: https://zipline-android.cssnr.com/ Either way, cheer and I will check it out... |
Beta Was this translation helpful? Give feedback.
-
|
I did get the app to work. It's just that I am very happy with the webapp you made, so rebuilding the whole thing seemed unnecessary to me. I wanted an app that does only the bare minimum, pretty much what the webapplication can't - native sharing support with queueing and clipboard integration. I have implemented this first as a PWA, but since the Web Share Target API is completely broken (it passes URLs, but doesn't work for files), I decided to build it with Flutter. The only "special" thing I added are the Cloudflare headers and OIDC support. BTW, I had to build a workaround for OIDC, to catch the callback redirect using Cloudflare Workers. Would it be possible to add a "mobile app callback URL" to the Zipline settings, so that Zipline can redirect back to an app, if the OIDC flow was triggered from a native mobile client? This would make my workaround redundant. BTW2: This link from https://zipline-android.cssnr.com/ throws an error. |
Beta Was this translation helpful? Give feedback.
-
It now has a Native File List with bulk selection and a User/Server Management page.
Native sharing support with clipboard integration was the very first feature I added. It also supports uploading multiple files (not sure what queueing is).
MY app should also support Cloudflare headers. I don't have OIDC support, but nobody has requested that yet.
Awe yes, thanks, I had expected to be live on Google Play by now, but I can't get the few people I know with Android to stop using Obtainium... If you want to download from Google Play you need to join the test here: #25 I do hope you were at least able to upload files natively with the app. It supports both Open With and Share intents. That was the main point of the application. Now it has a native file list with bulk selection, edit, and download. Not to mention a user section, with Avatar cropper and more... Please do check out these features and let me know if you have any issues. PS: I had an issue downloading the latest release of your app with Obtainium, it installed v1.0.0 for some reason. I will grab a manual download and test it out, probably tomorrow. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I am running the Zipline Admin Dashboard behind Cloudflare. Would it be possible to introduce support for custom HTTP Headers, so the app can access the API, without fiddling with certs and mTLS?
See screenshot as example, from Tautulli.
Beta Was this translation helpful? Give feedback.
All reactions