difficulty adding headers

[ura]

the config i am using is inherited from the designers of the elgg platform
and i have explored it enough to know most of what it is doing.
perhaps i need to replace the location block that targets .php files with
one that explicitly lists all the possible locations of php files instead...
which would leave the possibility open for the new 'stream' location block i
am using here.

i was using the internal keyword since i am wanting to do what i can to
ensure that the video files are only available to site visitors once they
have passed a security process (handled by php and sql). the site here is a
social network and all media items have an associated privacy level - so the
files cannot all be public, which is the origin of these issues. the files
are held outside of the nginx site root directory for this reason.

> Streaming videos with php is silly, so recommended approach is
> "Don't do that".

how else can a video be served from a PHP social networking app, where the
file needs to be 'behind' privacy/security checks?
wouldn't there need to be some kind of PHP processing just to set up the
externally accessible path for the video file (after the viewer's
credentials have been checked)?
to be clear, i am not saying that the final path for the video is a .php
file.. the final path would be filename.mp4.. however, the php location
block is triggered along the processing path anyway - as the config is.

(i am using the web interface for forum.nginx.org.. so this is a mailing
list and also a forum). ;)

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,251236,251467#msg-251467