Comment on How to secure Jellyfin hosted over the internet?
Flipper@feddit.org 5 days agoSome of these are bonkers. The argument not to fix them because of backwards compatibility is even wilder. Which normal client would need the ability to get data for any other account that it hasn’t the Auth token for.
sugar_in_your_tea@sh.itjust.works 4 days ago
Just make a different API prefix that’s secure and subject to change, and once the official clients are updated, deprecate the insecure API (off by default).
That way you preserve backwards compatibility without forcing everyone to be insecure.
merthyr1831@lemmy.ml 4 days ago
Even just basic API versioning would be sufficient. .NET offers a bunch of ways to handle breaking changes in APIs