Oh boy. Nope. My friends gonna have to fiddle with a VPN, forget exposing JF to the outside…
Comment on How to secure Jellyfin hosted over the internet?
doeknius_gloek@discuss.tchncs.de 1 year agoNo, it isn’t.
LiveLM@lemmy.zip 1 year ago
rice@lemmy.org 1 year ago
wireguard honestly takes like 30 seconds to do once you learn how to use it.
Flipper@feddit.org 1 year ago
Some of these are bonkers. The argument not to fix them because of backwards compatibility is even wilder. Which normal client would need the ability to get data for any other account that it hasn’t the Auth token for.
sugar_in_your_tea@sh.itjust.works 1 year ago
Just make a different API prefix that’s secure and subject to change, and once the official clients are updated, deprecate the insecure API (off by default).
That way you preserve backwards compatibility without forcing everyone to be insecure.
merthyr1831@lemmy.ml 1 year ago
Even just basic API versioning would be sufficient. .NET offers a bunch of ways to handle breaking changes in APIs
Mubelotix@jlai.lu 1 year ago
Wtf. Thank you
rice@lemmy.org 1 year ago
I wouldn’t say “great” it’s ok software. Not even due to all of those security things which is a nightmare too. They do things like break the search speed months ago and not have any idea why, it’s so insanely slow and on top of that it somehow lags the entire client when searching too, not just the server which is the only thing doing the query. Lots of issues just with that.