2023-09-08, 12:58 AM
(2023-09-08, 12:05 AM)bitmap Wrote:(2023-09-07, 06:01 PM)fakers123 Wrote:(2023-09-07, 04:25 PM)bitmap Wrote: The web client doesn't require a third-party app, but I'm guessing that's not what you're asking?
[quote="niels" pid='3867' dateline='1694108032']
I would strongly recommend not sharing those URL's as the token is not a playback token but your users access token, you don't want that to leak.
Security is not a issue, it would be for an internal corporate network.
Why not run an "open" instance of Jellyfin internally and allow users to download from there (e.g., require VPN to access/authenticate)? Or have a service user? I still think the idea of providing a download link that includes a token is problematic. More info about the use case would be good to provide information about a solution.
He could also lock it down by not allowing remote connections and seeing the Internal network config to all his corporate subnets. Could take that further and set the firewall to only allow incoming connections to port 8096 from trusted subnets.
Jellyfin 10.10.7 (Docker)
Ubuntu 24.04.2 LTS w/HWE
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
4x WD Red Pro 6TB CMR in RAIDZ1
![[Image: GitHub%20Sponsors-grey?logo=github]](https://img.shields.io/badge/GitHub%20Sponsors-grey?logo=github)
Ubuntu 24.04.2 LTS w/HWE
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
4x WD Red Pro 6TB CMR in RAIDZ1
