2023-09-08, 12:58 AM
(2023-09-08, 12:05 AM)bitmap Wrote:(2023-09-07, 06:01 PM)fakers123 Wrote:(2023-09-07, 04:25 PM)bitmap Wrote: The web client doesn't require a third-party app, but I'm guessing that's not what you're asking?
[quote="niels" pid='3867' dateline='1694108032']
I would strongly recommend not sharing those URL's as the token is not a playback token but your users access token, you don't want that to leak.
Security is not a issue, it would be for an internal corporate network.
Why not run an "open" instance of Jellyfin internally and allow users to download from there (e.g., require VPN to access/authenticate)? Or have a service user? I still think the idea of providing a download link that includes a token is problematic. More info about the use case would be good to provide information about a solution.
He could also lock it down by not allowing remote connections and seeing the Internal network config to all his corporate subnets. Could take that further and set the firewall to only allow incoming connections to port 8096 from trusted subnets.