diff --git a/server.py b/server.py
index 6816dff190476efd1948dca6ff12573ec891989c..227f61bc680fd5cf823afc93a557efaa09022acf 100755
--- a/server.py
+++ b/server.py
@@ -15,10 +15,12 @@ config['SQLITE_DB'] = 'db.sqlite'
 config['SQLITE_INIT_SCHEMA'] = True
 config['SQLITE_INIT_DATA'] = False
 config['DEBUG'] = False
+config['VIDEOPREFIX'] = 'https://videoag.fsmpi.rwth-aachen.de'
 if __name__ == '__main__':
 	config['SQLITE_INIT_DATA'] = True
 	config['DEBUG'] = True
 config.from_pyfile('config.py', silent=True)
+app.jinja_env.globals['videoprefix'] = config['VIDEOPREFIX']
 
 if config['DB_ENGINE'] == 'sqlite':
 	created = not os.path.exists(config['SQLITE_DB'])
@@ -243,13 +245,37 @@ def edit():
 				'comment', 'internal'])
 	}
 	query('BEGIN TRANSACTION')
-	for key, val in request.get_json():
+	if request.is_json():
+		changes = request.get_json().items()
+	else:
+		changes = request.args.items()
+	for key, val in changes:
 		table, id, column = key.split('.', 2)
 		assert table in tabs
 		assert column in tabs[table][2]
 		query('UPDATE %s SET %s = ? WHERE %s = ?'%(tabs[table][0], column,
 					tabs[table][1]), val, id)
 	query('COMMIT TRANSACTION')
+	return "OK", 200
+
+@app.route('/auth')
+def auth(): # For use with nginx auth_request
+	if 'X-Original-Uri' not in request.headers:
+		return 'Internal Server Error', 500
+	url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
+	videos = query('''SELECT videos.path
+			FROM videos
+			JOIN lectures ON (videos.lecture_id = lectures.id)
+			JOIN courses ON (lectures.course_id = courses.id)
+			WHERE videos.path = ?
+			AND (? OR (courses.visible AND lectures.visible AND videos.visible))''',
+			url, ismod())
+	if videos and url.startswith('pub'):
+		return "OK", 200
+	elif videos and ismod():
+		return "OK", 200
+	else:
+		return "Not allowed", 403
 
 if __name__ == '__main__':
-	app.run()
+	app.run(threaded=True)
diff --git a/templates/macros.html b/templates/macros.html
index 9ff35641c6ac6be280cdc7098a083194011dd7e3..8ea9ce483eb1321b32ff8b6063373a15c946c872 100644
--- a/templates/macros.html
+++ b/templates/macros.html
@@ -3,7 +3,7 @@
 <li class="list-group-item">
 	<a class="hidden-xs" href="/play?lectureid={{ lecture['id'] }}" title="{{ lecture['coursetitle'] }}">
 		<div class="row">
-			<img class="col-xs-4" src="https://videoag.fsmpi.rwth-aachen.de/{{ lecture['titlefile'] }}" alt="Vorschaubild">
+			<img class="col-xs-4" src="{{ videoprefix }}/{{ lecture['titlefile'] }}" alt="Vorschaubild">
 			<div class="col-xs-4">
 				<span style="color: #000;"><strong>{{ lecture['short'] }}</strong></span><br>
 				<span style="color: #000;">{{ lecture['time'] }}</span>
@@ -19,7 +19,7 @@
 	</a>
 	<a class="visible-xs" href="/play?lectureid={{ lecture['id'] }}" title="{{ lecture['coursetitle'] }}">
 		<div class="row">
-			<img class="col-xs-12" src="https://videoag.fsmpi.rwth-aachen.de/{{ lecture['titlefile'] }}" alt="Vorschaubild">
+			<img class="col-xs-12" src="{{ videoprefix }}/{{ lecture['titlefile'] }}" alt="Vorschaubild">
 		</div>
 		<div class="row">
 			<div class="col-xs-12">
@@ -54,7 +54,7 @@
 <link rel="stylesheet" href="static/mediaelementjs/mediaelementplayer.css" />
 <video class="mejs-player" width="640" height="360" style="width: 100%; height: 100%;">
 	{% for v in videos %}
-		<source type="video/mp4" src="https://videoag.fsmpi.rwth-aachen.de/{{ v.path }}" />
+		<source type="video/mp4" src="{{ videoprefix }}/{{ v.path }}" />
 	{% endfor %}
 </video>
 <script>
@@ -94,13 +94,13 @@
 <button class="btn btn-primary dropdown-toggle {% if videos|length is equalto 0 %}disabled{% endif %}" type="button" data-toggle="dropdown">Download <span class="caret"></span></button>
 <ul class="dropdown-menu">
 	{% for v in videos %}
-	<li><a href="https://video.fsmpi.rwth-aachen.de/{{v.path}}">{{v.format_description}} ({{v.file_size|filesizeformat(true)}})</a></li>
+	<li><a href="{{ videoprefix }}/{{v.path}}">{{v.format_description}} ({{v.file_size|filesizeformat(true)}})</a></li>
 	{% endfor %}
 </ul>
 <noscript>
 	<ul class="pull-right list-unstyled" style="margin-left:10px;">
 		{% for v in videos %}
-		<li><a href="https://video.fsmpi.rwth-aachen.de/{{v.path}}">{{v.format_description}} ({{v.file_size|filesizeformat(true)}})</a></li>
+		<li><a href="{{ videoprefix }}/{{v.path}}">{{v.format_description}} ({{v.file_size|filesizeformat(true)}})</a></li>
 		{% endfor %}
 	</ul>
 </noscript>