Dynamic TS Image Fetcher Header

michael_bln65 · May 17, 2020, 5:36pm

Hello, our TS Live Banner Team has long wanted a few simple changes that could actually be a matter of minutes.
These would be:

That you define a custom header in the TS3 and TS5 client for the server banner (TS image fetcher) with the dynamic information, e.g. x-ts-clid: {{client_id}}, which sends the current client ID to the image server.
You can do the same for the new TS5 channel banners.

Gamer92000 · May 17, 2020, 6:04pm

I mean it is not intended to have dynamic banners. So I think it’s fair that this is not a thing…
I think comparing IP addresses is not too hard if you really feel that you need dynamic banners.

michael_bln65 · May 17, 2020, 6:08pm

We are concerned with how to sort a user exactly, e.g you have 5 users in one household who are all on the TS server at the same time, then you have the problem that you cannot know exactly which one based on the IP User is concerned, this is of course also used, but only IP is ■■■■

Sky95 · May 17, 2020, 6:11pm

I had the same problem at a lan party, everyone was suddenly Marc.

MCG · May 18, 2020, 3:12pm

This idea could be great, and also doesn’t take much effort. I think a lot of creators can use this^^
Since it’s useful with the client ID to get them.

RandomHost · June 3, 2020, 3:47pm

I can see the use cases for these custom headers but I’m not comfortable with leaking even more internal information like client IDs to third parties.

The current image fetcher operates on the client side and already leaks the client IP address to third parties when loading external images within channel descriptions.

If these headers get added, there needs to be a way to whitelist specific trusted URLs or URL patterns to receive those headers.

You can’t brag about your awesome encryption features but then have the client broadcast internal data out into the world, even if it is just IDs.

And before anyone argues that IDs are not secret:

There is a difference between exchanging essential data between server and client in a controlled environment which is subject to ACLs and the server broadcasting that data out into the world without anyone even thinking about it.

michael_bln65 · June 5, 2020, 5:13pm

The abuse of privacy and the prosperity of TeamSpeak users is a problem, so I can understand your reasoning about the channel banner.
In relation to the server banner, on the other hand, I think it is quite justified.
I would also do it by default off (only remote address), but the server owner can say, “Hey, okay, nothing, our concept with the fantastic banner that we trust because it comes from ourselves.”.

Mareczin · June 5, 2020, 6:01pm

Nice idea bro