Jellyfin for webOS client and nginx X-Frame-Options

roukydesbois commented 1 year ago

Describe the bug

The Jellyfin for webOS client cannot connect to a Yunohost-installed Jellyfin server

Context

Hardware: RPI4
YunoHost version: 11.0.11
I have access to my server: ssh and web admin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
Using, or trying to install package version/branch: master

Steps to reproduce

Install the new official client "Jellyfin for WebOS" listed here Enter the information of your server. An error appears (error 27).

Expected behavior

No error on connection

Logs

N/A

Additional comments

This is a documented error - if you look at the documentation of jellyfin here, there is a tip mentioning that

The default X-Frame-Options header may cause issues with the webOS app, causing it to remain stuck at a black screen. If enabled, the default Content Security Policy may also cause issues.

If you look at the /etc/nginx/conf.d/security.conf.inc file of Yunohost, on this line, you see that the X-Frame-Options header is indeed set to SAMEORIGIN.

I have tested a dirty fix by commenting this line, restarting nginx, and the WebOS client manages to connect.

But, it's a very dirty fix. I also tried to add add_header X-Frame-Options ""; to /etc/nginx/conf.d/my.domain.d/jellyfin.conf but it didn't solve the problem.

tituspijean commented 1 year ago

I have a webOS TV running its Jellyfin app (though I cannot find which version of the app is installed, as of today it is up to date), and I cannot replicate the issue with the current NGINX configuration. :(

Try more_set_headers "X-Frame-Options : ""; in /etc/nginx/conf.d/my.domain.d/jellyfin.conf, maybe?

noahm commented 2 months ago

I have a webOS TV running its Jellyfin app (though I cannot find which version of the app is installed, as of today it is up to date), and I cannot replicate the issue with the current NGINX configuration. :(

Try more_set_headers "X-Frame-Options : ""; in /etc/nginx/conf.d/my.domain.d/jellyfin.conf, maybe?

I found myself faced with this issue ever since setting up Yunohost+Jellyfin last year and I finally found this issue and this solved it for me! Specifically:

sudoedit /etc/nginx/conf.d/REDACTED.nohost.me.d/jellyfin.conf
add in more_set_headers X-Frame-Options : ""; within the location /jellyfin/ block.
restarted nginx with sudo systemctl restart nginx.service

Finally my Jellyfin app on the LG TV is working for the first time!

noahm commented 2 months ago

Oh, in addition, I scoped this down further to only affect WebOS user-agent strings so the security posture for other browsers remains unchanged. The final addition to my nginx config looks like:

  if ($http_user_agent ~ Web0S) {
    more_set_headers X-Frame-Options : "";
  }

YunoHost-Apps / jellyfin_ynh