I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Scary le Poo · 2 days ago

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Saik0 · 19 hours ago

Oh, sure enough. Basic auth breaks the login function. I didn’t test it myself and didn’t think that it wouldn’t work for basic auth. I’ve put other auths in front of it and it works. So It’s not completely “misinformation”. Just annoying that the easiest most basic form of auth won’t work.

@jagged_circle@feddit.nl · edit-2 18 hours ago

What other auths can you put in front of it?

The problem is that they’re (ab)using the Auth header, which causes a colission and you can’t load many required assets.

Saik0 · 12 hours ago

I was testing a 2fa based one the other weak and jellyfin was the service I decided to test with. Ultimately didnt like it so I rolled ot back.I’d have to go look it up to get you a name.

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

I don’t know who needs to hear this, but DO NOT EVER expose Jellyfin to the internet

Collection of potential security issues in Jellyfin · Issue #5415 · jellyfin/jellyfin