You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A fork from the official Cloudflare Stream plugin 1.0.5 for WordPress. This fork looks to achieve these key features:
10
10
11
-
* Take full advantage of Cloudflare Stream's security features.
12
-
* Uses signed URL's / tokens, so video access can be strictly controlled and limited.
13
-
* Uses a limited access API token for API access, eliminating the use of the global API key which presents a huge security risk.
14
-
* Incorporate additional features and new features as they're made available.
15
-
16
-
The Gutenberg Block method of adding videos appears to be broken (in the original plugin also). I've only left code related to the Gutenberg Block in this fork, so as to not break existing content should you switch from the official plugin. Adding new block content will fail as the global API key it's expecting to use is no longer stored in this plugin. Note the Gutenberg Block as it currently exists, does not support signed URL's / tokens.
17
-
18
-
USE THE SHORTCODE METHOD INSTEAD. [See Shortcode section below](#shortcode).
11
+
- Rebuild and upgrade the Block that is currently broken in official plugin.
12
+
- Take full advantage of Cloudflare Stream's security features.
13
+
- Uses signed URL's / tokens, so video access can be strictly controlled and limited.
14
+
- Uses a limited access API token for API access, eliminating the use of the global API key which presents security risk.
15
+
- Incorporate additional features and new features as they're made available.
19
16
17
+
The Block method of adding videos is currently limited to upload only. Browsing and selecting content from your Cloudflare Stream Library is not yet fixed. Legacy Block content is supported in a deprecated form, but will not take advantage of new features such as signed URLs.
18
+
For now, using the shortcode method is still the most appropriate way to insert content already in your Stream Library. [See Shortcode section below](#shortcode).
20
19
21
20
The original official plugin:
22
21
https://wordpress.org/plugins/cloudflare-stream/
23
-
24
22
Official plugin GitHub page:
25
23
https://github.com/cloudflare/stream-wordpress
26
24
25
+
## Changes from Official
27
26
28
-
Changes from Official
29
-
------------
30
-
* Shortcode method (optionally) uses signed URL's / tokens.
- Uses API Token based API access, for MUCH more secure Cloudflare account access.
31
+
- Any existing API Key and API account email stored in the database are deleted when the settings page is accessed.
32
+
- If updating from version older than 1.0.6, you'll need to enter your Cloudflare API Token and Cloudflare Account ID in the configuration page.
33
+
- Added admin setting for signed URL/token duration (default is otherwise 1 hour).
34
+
- Added admin toggle for whether or not to use signed URLs/tokens.
35
+
- Can select Cloudflare media domain, including new account specific sub-domain.
39
36
37
+
## To-Do
40
38
41
-
To-Do
42
-
------------
43
-
* Rebuild Gutenberg block with dynamic support for signed URL's.
39
+
- Block: Fix browsing and adding videos from the Cloudflare Stream Library possible.
44
40
41
+
## Issues
45
42
46
-
Issues
47
-
------------
48
-
* The Gutenberg Block method of adding videos is failing. This is failing in the original plugin too. Shortcode method is working though. Details on how to use it are below.
43
+
- When using the Block, browsing and selecting content from your Cloudflare Stream Library is not yet resolved.
49
44
45
+
## Installation
50
46
47
+
- Download the full plugin ZIP file from the [latest release of this plugin](https://github.com/B-Interactive/cloudflare-stream-wordpress/releases/latest)
48
+
- In the WordPress admin panel, go to Plugins > Add New > Upload Plugin and upload the ZIP file
49
+
- Click the "Activate" button
50
+
- In the WordPress admin panel, visit the Plugins section Activate the Cloudflare Stream plugin.
51
51
52
-
Installation
53
-
------------
54
-
* Download the full plugin ZIP file from the [latest release of this plugin](https://github.com/B-Interactive/cloudflare-stream-wordpress/releases/latest)
55
-
* In the WordPress admin panel, go to Plugins > Add New > Upload Plugin and upload the ZIP file
56
-
* Click the "Activate" button
57
-
* In the WordPress admin panel, visit the Plugins section Activate the Cloudflare Stream plugin.
52
+
## Admin Settings
58
53
59
-
60
-
Admin Settings
61
-
------------
62
-
The admin area has been completely revised from the official plugin. Instead of using the all-controlling global API key, this now makes use of a much more secure API token, which only permits the plugin limited access to a Cloudflare account. When the admin settings are accessed, any existing API key and email stored in the database, are deleted from the database as these are no longer needed and their presence is a security risks.
54
+
The admin area has been completely revised from the official plugin. Instead of using the all-controlling global API key, this now makes use of a much more secure API token, which only permits the plugin limited access to a Cloudflare account. When the admin settings are accessed, any existing API key and email stored in the database, are deleted from the database as these are no longer needed and their presence is a security risks.
-**Cloudflare** > [domain] > **Overview** > [scroll down to API section on the right and copy the Account ID].
61
+
62
+
### API Token
66
63
67
-
### API Account ID ###
68
-
***Cloudflare** > [domain] > **Overview** > [scroll down to API section on the right and copy the Account ID].
64
+
An API token must be created in your Cloudflare dashboard, for this plugin. For security sake, the token should only be used for this plugin and provide only the permissions necesarry for the plugin to work. I'd https://www.gnu.org/licenses/old-licenses/gpl-2.0.htmlrecommend setting up Client IP Address Filtering when creating the token too. Where feasible, restrict access to only the IP addresses that need it (eg: your webserver's IP where WordPress is installed).
69
65
70
-
### API Token ###
71
-
An API token must be created in your Cloudflare dashboard, for this plugin. For security sake, the token should only be used for this plugin and provide only the permissions necesarry for the plugin to work. I'd recommend setting up Client IP Address Filtering when creating the token too. Where feasible, restrict access to only the IP addresses that need it (eg: your webserver's IP where WordPress is installed).
Must have permission for: **Account - Stream:Edit**
74
68
75
-
### Use Signed URLs ###
76
-
When this is checked [x], videos are accessed using a temporary time-limited token, aka signed URL. This alone does not secure your content however. Please see **[Securing Video Access](#securing-video-access)** below for further details on how to do that.
69
+
### Use Signed URLs
70
+
71
+
When this is checked [x], videos are accessed using a temporary time-limited token, aka signed URL. This alone does not secure your content however. Please see **[Securing Video Access](#securing-video-access)** below for further details on how to do that.
72
+
73
+
### Signed URL Expiration
77
74
78
-
### Signed URL Expiration ###
79
75
When **Use Signed URLs** is checked [x], this setting controls how long any particular token / signed ULR is valid for **in minutes**. The Cloudflare default, is 60 minutes. Generally, you'd want to make sure this is larger than your longest video.
80
76
81
-
### Preferred Media Domain ###
82
-
This option allows you to select from a small list of different Cloudflare media domains. This domain is used when delivering content to your users. The 3rd option is a unique subdomain specific to your Cloudflare account. This option will only be presented if you have at least one video already uploaded to your Cloudflare Stream account.
77
+
### Preferred Media Domain
83
78
79
+
This option allows you to select from a small list of different Cloudflare media domains. This domain is used when delivering content to your users. The 3rd option is a unique subdomain specific to your Cloudflare account. This option will only be presented if you have at least one video already uploaded to your Cloudflare Stream account.
84
80
85
-
Securing Video Access
86
-
------------
81
+
## Securing Video Access
87
82
88
-
1. Make sure **Use Signed URLs** is checked [x], in the admin settings. **This feature alone does not secure your videos.** The original ID of your videos is still accessible and could be used to access them.
83
+
1. Make sure **Use Signed URLs** is checked [x], in the admin settings. **This feature alone does not secure your videos.** The original ID of your videos is still accessible and could be used to access them.
0 commit comments