Skip to content
This repository was archived by the owner on Jun 29, 2024. It is now read-only.

Add custom header (ie: X-Api-Key) to all requests  #132

Description

@michaelkrieger

Is your feature request related to a problem? Please describe.
Paperless isn’t supposed to be exposed to the web without authentication. A popular choice is authelia or authentik, which send a user to a login page, possibly with MFA, and then sends a user through. This is called ForwardAuth.

Describe the solution you'd like
A common workaround is to have a header, X-Api-Key, which bypasses the authentication if it is known. It is a long string which is known only to the client program. Ideally I’d like all http requests to include this header.

Describe alternatives you've considered
Opening IPs, using it locally, using a VPN. This is a popular solution.

mTLS is also a good alternative and is supported by Paperless Mobile (the competing app currently in TestFlight). I’d also support that addition.

Additional context
As an example, a similar approach: https://www.reddit.com/r/LunaSeaApp/comments/uogs1u/radarr_behind_authelia/i8gedxk/

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions