Comment on How to secure Jellyfin hosted over the internet?
Flipper@feddit.org 4 weeks agoSome of these are bonkers. The argument not to fix them because of backwards compatibility is even wilder. Which normal client would need the ability to get data for any other account that it hasn’t the Auth token for.
sugar_in_your_tea@sh.itjust.works 4 weeks ago
Just make a different API prefix that’s secure and subject to change, and once the official clients are updated, deprecate the insecure API (off by default).
That way you preserve backwards compatibility without forcing everyone to be insecure.
merthyr1831@lemmy.ml 4 weeks ago
Even just basic API versioning would be sufficient. .NET offers a bunch of ways to handle breaking changes in APIs