Normally TTRSS does not make use of HTTP authentication, but most clients can be configured to answer HTTP challenges. While the administrator can simply enforce HTTP authentication before handing off the request to PHP, implementing authentication in the TTRSS handler itself has some advantages:
The Arsse may have readier access to credentials
It's possible to prevent information leakage via feed icons not only from the public, but between authenticated users
Authentication can be generalized and the userPreAuth setting honoured in TTRSS as well
Normally TTRSS does not make use of HTTP authentication, but most clients can be configured to answer HTTP challenges. While the administrator can simply enforce HTTP authentication before handing off the request to PHP, implementing authentication in the TTRSS handler itself has some advantages:
1. The Arsse may have readier access to credentials
2. It's possible to prevent information leakage via feed icons not only from the public, but between authenticated users
3. Authentication can be generalized and the `userPreAuth` setting honoured in TTRSS as well
jking
added this to the Omitted features milestone 6 years ago
Normally TTRSS does not make use of HTTP authentication, but most clients can be configured to answer HTTP challenges. While the administrator can simply enforce HTTP authentication before handing off the request to PHP, implementing authentication in the TTRSS handler itself has some advantages:
userPreAuth
setting honoured in TTRSS as well