From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-yw1-x112e.google.com (mail-yw1-x112e.google.com [IPv6:2607:f8b0:4864:20::112e]) by mail.toke.dk (Postfix) with ESMTPS id C192EA4F087 for ; Thu, 18 Jan 2024 15:56:41 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=ABCp6Goo Received: by mail-yw1-x112e.google.com with SMTP id 00721157ae682-5ebca94cf74so119202667b3.0 for ; Thu, 18 Jan 2024 06:56:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705589800; x=1706194600; darn=lists.galene.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=JjG3i0NLBldfvQfZiynvdcR5rP242x8ZsXk3IEQdpno=; b=ABCp6GooKdo09Os42MEJ2or44Cwe17ylMjgpIZ4rgz9L5AbxZjxQLV51BfQd2MbAKp qBBFADZbDcYxTNb1Bga7uXmQ0a+FHNPL6x1RzQSL1EM6YHYrOyPFnx7IKP9j5tb0pbEe 2XNx0g0g06z90UIGjmPycB0h6DJNP9UYiZKF2l5S3fd5Ue0gvPB9EGrjGCeDS028PhrI OAbnhIZs4tvgQc/km86GB9uxVMT3r7sRxfdMOtNz46oDp+uWQKfmEDbCFiU3wi8a1LSx 0Hp1F92GZ2Sw7fF/Y1u+oVh1wDbajKYbu2ZKzdfX7PhSIwzLvNDwZmr57RaSwtCp1fdW shVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705589800; x=1706194600; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JjG3i0NLBldfvQfZiynvdcR5rP242x8ZsXk3IEQdpno=; b=DM+DKHrfCxegMzV6d6qMl6ChE5ronrkDcW7845TjN4dnPlOMazdNIsA1q5PFocLdYT UfrgSdd3cEiXsuwUI0vXLxgmf6byL0BHbkQMIYXOrksLFgGpFHzCZ1i2B33P7AjfOG/v BmBLa3pZQB3+zOm4gCPKrDpM9A4ZRREMxiDmiJ/77XFZNlQVOIqKzKjUwH/vVDwwaxiB 9ZM4hjpOiPZ6Bg3P6naUsX+EK3b8vH7tvyX1hpTh7tESWmIpln7nV4F35cdS4QrRTKDw XyJP7SbPcSRO0CzjPZ5A2awDgtwlSM1mh9cOQZTWwHrelhlmj3CyLzBkRDc+12Npyyah Sa2Q== X-Gm-Message-State: AOJu0YyaqyUTBXIupFfy4e0GNr8SBrMu6bDcnzztOvqy+cgFL3dCgouf +vN5/9GBXfTdBgUT2EIs5M2NhC0V19zF7QGC4KchijeU8qEWfHFVaetzS2lFPdQbcr4Ausew09D tJ8U2ZWjEsWGO1TpF//67p/n1QRE= X-Google-Smtp-Source: AGHT+IHqQE461k8ADkjCex6WFR61bI69Rd4Idu4PkDebP787yFt+xgQnaDkIHbQMDQwY+olVbpdiJjwlahKZGse7HHI= X-Received: by 2002:a81:4fd4:0:b0:5ff:73b4:7edd with SMTP id d203-20020a814fd4000000b005ff73b47eddmr880890ywb.57.1705589800212; Thu, 18 Jan 2024 06:56:40 -0800 (PST) MIME-Version: 1.0 References: <87le8mzyog.wl-jch@irif.fr> In-Reply-To: <87le8mzyog.wl-jch@irif.fr> From: Francis Bolduc Date: Thu, 18 Jan 2024 09:56:29 -0500 Message-ID: To: Juliusz Chroboczek Content-Type: text/plain; charset="UTF-8" Message-ID-Hash: 6MDONRX4MR67POWIDBCCDHBJYNUHZ4A4 X-Message-ID-Hash: 6MDONRX4MR67POWIDBCCDHBJYNUHZ4A4 X-MailFrom: fbolduc@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: galene@lists.galene.org X-Mailman-Version: 3.3.9 Precedence: list Subject: [Galene] Re: Behind reverse proxy, not at the root List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: > No, it's not currently supported. It wouldn't be too difficult to do, as > usual it's testing that's a pain. (Galene has a fairly extensive set of > units tests for low-level functionality, but there are no high-level tests > of the server as a whole, so I need to test manually with each release. > So the more configuration options we add, the more testing I need to do.) > > I'll think it over, but no promises. Thanks. I'll be happy to run some testing on my side if you have a preliminary branch. > (Off topic, but are you aware that by doing that you defeat sandboxing? > HTML5 performs sandboxing on a per-origin basis, not a per-subtree basis, > so when multiple applications are running on the same domain, a security > flaw in just one of the applications will allow exploitation of all of > them. For example, an XSS vulnerability in your files application will > allow an attacker to exfiltrate Galene's passwords. The more secure > configuration is to use a different hostname for each application, > files.example.org, stream.example.org, etc.) Yes, I am aware. But I don't have control over the DNS and can't add subdomains at will, unfortunately. :( And, in my case, it's a private server that isn't hosting anything of value. So we're comfortable with the risk.