Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…
Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…
This is misinformation. It breaks the web app too.
You can’t use basic auth with jellyfin at all. Its a bug. Jellyfin closed the bug as won’t fix because, it seems, they dont care about security.
Oh, sure enough. Basic auth breaks the login function. I didn’t test it myself and didn’t think that it wouldn’t work for basic auth. I’ve put other auths in front of it and it works. So It’s not completely “misinformation”. Just annoying that the easiest most basic form of auth won’t work.
What other auths can you put in front of it?
The problem is that they’re (ab)using the Auth header, which causes a colission and you can’t load many required assets.
I was testing a 2fa based one the other weak and jellyfin was the service I decided to test with. Ultimately didnt like it so I rolled ot back.I’d have to go look it up to get you a name.