2023-09-08, 12:58 AM
(2023-09-08, 12:05 AM)bitmap Wrote:(2023-09-07, 06:01 PM)fakers123 Wrote:(2023-09-07, 04:25 PM)bitmap Wrote: The web client doesn't require a third-party app, but I'm guessing that's not what you're asking?
[quote="niels" pid='3867' dateline='1694108032']
I would strongly recommend not sharing those URL's as the token is not a playback token but your users access token, you don't want that to leak.
Security is not a issue, it would be for an internal corporate network.
Why not run an "open" instance of Jellyfin internally and allow users to download from there (e.g., require VPN to access/authenticate)? Or have a service user? I still think the idea of providing a download link that includes a token is problematic. More info about the use case would be good to provide information about a solution.
He could also lock it down by not allowing remote connections and seeing the Internal network config to all his corporate subnets. Could take that further and set the firewall to only allow incoming connections to port 8096 from trusted subnets.
Jellyfin 10.9.11
Ubuntu 24.04 LTS (bare metal)
Intel i3 12100 on Asus Prime H610M-E D4 mATX
32GB DDR4-3600
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
WD Green 3TB (Samba shares)
WD Red 3TB CMR (WIP Media, Test libraries)
3x WD Red Pro 6TB CMR in RAIDZ1 (JF Library)
Fractal Meshify 2
Corsair CX430
Ubuntu 24.04 LTS (bare metal)
Intel i3 12100 on Asus Prime H610M-E D4 mATX
32GB DDR4-3600
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
WD Green 3TB (Samba shares)
WD Red 3TB CMR (WIP Media, Test libraries)
3x WD Red Pro 6TB CMR in RAIDZ1 (JF Library)
Fractal Meshify 2
Corsair CX430