From 97e20ae0d00177be46547f7e8fa1183ec0d0adbe Mon Sep 17 00:00:00 2001 From: Trysdyn Black <trysdyn@voidfox.com> Date: Fri, 20 Dec 2024 20:37:03 -0800 Subject: [PATCH] Add status endpoint to recommended proxy bypass --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 56e0d64..c0733f9 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ There's only a couple supported methods of customization at this time: # Security -For the moment, security is the responsibility of the HTTP proxy. The CherryPy app does not do any kind of authentication (and you want to do authentication). You *should not* simply proxy all HTTPS traffic to the app and call it a day. You should add basic authentication for your `/management*` endpoints, and also add authentication to the endpoint named after your OvenMediaEngine applications if you want to secure them. You also need `/assets*` proxied without auth to the CherryPy app. +For the moment, security is the responsibility of the HTTP proxy. The CherryPy app does not do any kind of authentication (and you want to do authentication). You *should not* simply proxy all HTTPS traffic to the app and call it a day. You should add basic authentication for your `/management*` endpoints, and also add authentication to the endpoint named after your OvenMediaEngine applications if you want to secure them. You also need `/status*` and `/assets*` proxied without auth to the CherryPy app. Even still, someone who knows an exact stream key can currently get the Websocket for your WebRTC sessions and the RTMP URL to push. This is an inherited weakness from OvenMediaEngine and would be a 2.0 goal to add viewer authentication and passphrases to the Admission Webhook.
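Review bot: In the changed Security paragraph, the new sentence tells operators to proxy `/status*` without auth but does not say what the status endpoint returns or why it has to be public. That matters because the same paragraph states that the CherryPy app does no authentication of its own, so whatever `/status` serves is readable by anyone. Suggest adding a clause that describes what `/status` exposes and confirms it does not include stream keys, since the trailing context line notes that anyone who knows an exact stream key can get the WebSocket and the RTMP push URL. Separately, `/status*` and `/assets*` read as prefix patterns, and the paragraph also says some endpoints are named after OvenMediaEngine applications: an application whose name starts with `status` or `assets` would fall under the unauthenticated rule. Consider recommending the exact path plus its subpaths (for example `/status` and `/status/*`), or noting the naming constraint in the README.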