API: Exposed for WebRTC without any access control #2684
Labels
Bug
It might be a bug.
EnglishNative
This issue is conveyed exclusively in English.
WebRTC
WebRTC, RTC2RTMP or RTMP2RTC.
Milestone
With WebRTC we need to expose http_api to public.
Why there isn't any access control for http_api?
User can send HTTP to /rtc/v1/play/ - which is OK.
But... there is also /api/v1/streams/ /api/v1/clients/ accessible for everyone in internet...
We need to setup reverse-proxy between client and SRS server?
The text was updated successfully, but these errors were encountered: