I was hoping someone could take a look at the HTTP headers I have my reverse proxy (Traefik v2) apply to Emby (and other apps) and let me know what might be causing issues with the app?
customFrameOptionsValue: SAMEORIGIN
browserXssFilter: true
stsSeconds: 155520011
referrerPolicy: no-referrer
contentTypeNosniff: true
sslRedirect: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
featurePolicy: true
sslForceHost: true
contentSecurityPolicy: "default-src ‘self’; script-src ‘self’ ‘unsafe-eval’; style-src ‘self’ ‘unsafe-inline’; frame-src *; img-src * data: blob:; font-src ‘self’ data:; media-src *;"
accessControlAllowOriginList: [“<origin>”]
featurePolicy: "geolocation 'none'; camera 'none'; microphone 'none'"
The web interface is accessible but sometimes it doesn't load all the assets (cover art, etc) and movies will randomly not play. If I take all the headers off, everything works fine as if I am connecting inside the LAN but then I lose that nice A+ security rating for headers scan. I suppose I can start taking them off one by one and see what might be the issue but thought the devs or forum mods may just be able to look at my list and spot what is wrong.
I looked for documentation of recommended headers but didn't see any articles through Google searches. Seems like a good wiki item.