From 5e1e23e209eec75a396c18f8eee3d93a9e196bfc Mon Sep 17 00:00:00 2001
From: Dan Engelbrecht <dan.engelbrecht@epicgames.com>
Date: Tue, 17 Feb 2026 14:00:53 +0100
Subject: add http server root password protection (#757)

- Feature: Added `--security-config-path` option to zenserver to configure security settings
  - Expects a path to a .json file
  - Default is an empty path resulting in no extra security settings and legacy behavior
  - Current support is a top level filter of incoming http requests restricted to the `password` type
  - `password` type will check the `Authorization` header and match it to the selected authorization strategy
  - Currently the security settings is very basic and configured to a fixed username+password at startup

        {
            "http" {
                "root": {
                    "filter": {
                        "type": "password",
                        "config": {
	                          "password": {
	                              "username": "<username>",
	                              "password": "<password>"
	                          },
                            "protect-machine-local-requests": false,
	                          "unprotected-uris": [
	                              "/health/",
	                              "/health/info",
	                              "/health/version"
	                          ]
                        }
                    }
                }
            }
        }
---
 src/zenhttp/servers/httpnull.cpp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/zenhttp/servers/httpnull.cpp')

diff --git a/src/zenhttp/servers/httpnull.cpp b/src/zenhttp/servers/httpnull.cpp
index db360c5fb..9bb7ef3bc 100644
--- a/src/zenhttp/servers/httpnull.cpp
+++ b/src/zenhttp/servers/httpnull.cpp
@@ -57,6 +57,7 @@ HttpNullServer::OnRun(bool IsInteractiveSession)
 
 			if (c == 27 || c == 'Q' || c == 'q')
 			{
+				m_ShutdownEvent.Set();
 				RequestApplicationExit(0);
 			}
 		}
-- 
cgit v1.2.3