2023-11-12, 08:06 PM
I thought others might be interested in this too.
I installed/configured a reverse proxy with nginx for my Jellyfin server. Everything worked fine right from the start apart from sending a "Stream URL" to an iPhone with Safari browser.
I used the configuration at https://jellyfin.org/docs/general/networking/nginx/ as a starting point. However, compared to an Apache reverse proxy for Jellyfin, Safari on the iPhone wouldn't play a video sent via "Copy Stream URL". Safari gives you the options "View" and "Download". "View" doesn't work with the default nginx configuration from above link.
I commented out the following lines:
Wenn these lines are commented out the "View" button in Safari on an iPhone works again.
I hope someone finds this helpful. Since I'm not a web developer I have no clue what these lines do but without them response headers between Apache and nginx reverse proxies look very similar (compared with web developer tools in Firefox enabled), and the "View" button in Safari works.
I installed/configured a reverse proxy with nginx for my Jellyfin server. Everything worked fine right from the start apart from sending a "Stream URL" to an iPhone with Safari browser.
I used the configuration at https://jellyfin.org/docs/general/networking/nginx/ as a starting point. However, compared to an Apache reverse proxy for Jellyfin, Safari on the iPhone wouldn't play a video sent via "Copy Stream URL". Safari gives you the options "View" and "Download". "View" doesn't work with the default nginx configuration from above link.
I commented out the following lines:
Code:
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
#add_header X-Frame-Options "SAMEORIGIN";
#add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
#add_header X-Content-Type-Options "nosniff";
# COOP/COEP. Disable if you use external plugins/images/assets
#add_header Cross-Origin-Opener-Policy "same-origin" always;
#add_header Cross-Origin-Embedder-Policy "require-corp" always;
#add_header Cross-Origin-Resource-Policy "same-origin" always;
# Permissions policy. May cause issues on some clients
#add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;Wenn these lines are commented out the "View" button in Safari on an iPhone works again.
I hope someone finds this helpful. Since I'm not a web developer I have no clue what these lines do but without them response headers between Apache and nginx reverse proxies look very similar (compared with web developer tools in Firefox enabled), and the "View" button in Safari works.