mastrmind11
Posted

Are you all making changes directly to the web app, or are you all using proxies?

proxy

Posted (edited)

I'm also an Nginx user, and I have a B+ score, but CSP has been a nightmare..

 

wan - cloudflare - VPN - Firewall - nginx - servers

Edited by Shidapu
jachin99
Posted

I have actually done this for an IIS site but never anything else. What advantages do you get with Cloudflare when you're using a proxy anyway? Why nginx over others?

Spaceboy
Posted

I have actually done this for an IIS site but never anything else. What advantages do you get with Cloudflare when you're using a proxy anyway? Why nginx over others?

Cloudflare obscures your IP address
Posted (edited)

Sweet thanks for the link! A+. :D And working great so far.

I also added a report-to line in that code, but I'm not sure if it's working. The URI analyzer says it's OK, though I haven't gotten any reports yet.

I posted in your thread, could you check if my CSP is ok?

Edited by Shidapu
pir8radio
Posted (edited)

Sweet thanks for the link! A+. :D And working great so far.

I also added a report-to line in that code, but I'm not sure if it's working. The URI analyzer says it's OK, though I haven't gotten any reports yet.

I posted in your thread, could you check if my CSP is ok?

 

Yes, the "report uri" address sends fails... So if your CSP blocked something, the client end would report what was blocked to that URL. So if I went to your server and your CSP blocked something on my browser, my browser would know to "report" that block to that URL so you could see it in a report.

Edited by pir8radio
  • Like 1
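Added example, not part of any post in this thread: a parser for the two JSON bodies a browser POSTs when a CSP blocks something, the legacy `report-uri` form (`application/csp-report`) and the Reporting API form used by `report-to` (`application/reports+json`). The function names, the field cap and the sample hostnames are assumptions made for illustration; the sample bodies are constructed.

```python
import json

LEGACY = "application/csp-report"           # body format used with report-uri
REPORTING_API = "application/reports+json"  # body format used with report-to
MAX_FIELD = 200  # reports come from untrusted clients, so cap what gets logged

def _clip(value):
    return value[:MAX_FIELD] if isinstance(value, str) else None

def _entry(page, blocked, directive, disposition):
    # A missing disposition is treated as an enforced policy (older browsers omit it).
    return {"page": _clip(page), "blocked": _clip(blocked),
            "directive": _clip(directive), "enforced": disposition != "report"}

def parse_csp_reports(content_type, body):
    """Normalise one POSTed report body into a list of violation dicts."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    try:
        data = json.loads(body)
    except ValueError:  # malformed JSON, or bad UTF-8 in a bytes body
        return []
    if media_type == LEGACY and isinstance(data, dict):
        r = data.get("csp-report")
        if not isinstance(r, dict):
            return []
        return [_entry(r.get("document-uri"), r.get("blocked-uri"),
                       r.get("effective-directive") or r.get("violated-directive"),
                       r.get("disposition"))]
    if media_type == REPORTING_API and isinstance(data, list):
        # One POST may batch several reports, not all of them CSP violations.
        return [_entry(i["body"].get("documentURL"), i["body"].get("blockedURL"),
                       i["body"].get("effectiveDirective"), i["body"].get("disposition"))
                for i in data
                if isinstance(i, dict) and i.get("type") == "csp-violation"
                and isinstance(i.get("body"), dict)]
    return []

# Constructed sample bodies (not captured from a real server).
SAMPLE_LEGACY = b'''{"csp-report": {"document-uri": "https://media.example.test/web/index.html",
  "blocked-uri": "https://cdn.example.test/x.js", "violated-directive": "script-src-elem",
  "effective-directive": "script-src-elem", "disposition": "enforce"}}'''
SAMPLE_API = b'''[{"type": "csp-violation", "age": 3, "url": "https://media.example.test/",
  "body": {"documentURL": "https://media.example.test/", "blockedURL": "inline",
           "effectiveDirective": "style-src-elem", "disposition": "report"}},
 {"type": "deprecation", "body": {"id": "constructed"}}]'''

if __name__ == "__main__":
    print(parse_csp_reports("application/csp-report", SAMPLE_LEGACY))
    print(parse_csp_reports("application/reports+json; charset=utf-8", SAMPLE_API))
```

An endpoint that only understands one of the two content types will silently drop reports sent in the other, which is worth checking when a policy sets both directives and no reports arrive.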
Posted

Yes, the "report uri" address sends fails... So if your CSP blocked something, the client end would report what was blocked to that URL. So if I went to your server and your CSP blocked something on my browser, my browser would know to "report" that block to that URL so you could see it in a report.

Yeah, that's what I want it to do! :D A good thing to give me some ease of mind when playing with CSP in the future. Thanks a lot for the good info!

  • 4 years later...
Posted

Hi, since Mozilla updated their scoring at the Observatory, my score went from A+ to D+, only because "Cross-origin Resource Sharing" scores "-50". Is there a way to raise it a little again at Mozilla? The third-party tests (those of them which work) still score A+.

Posted
3 hours ago, Bartype said:

Hi, since Mozilla updated their scoring at the Observatory, my score went from A+ to D+, only because "Cross-origin Resource Sharing" scores "-50". Is there a way to raise it a little again at Mozilla? The third-party tests (those of them which work) still score A+.

I would post here: 

@pir8radio may have some thoughts.

 

Posted

Well, that would be true if it was CSP, but that doesn't seem to be the case...

Embyshot.jpg

Posted
2 hours ago, Bartype said:

Well, that would be true if it was CSP, but that doesn't seem to be the case...

Embyshot.jpg

The server does respond with CORS headers, so that might be causing that.

Posted
13 hours ago, Luke said:

The server does respond with CORS headers, so that might be causing that.

Hmm, I tried adding something like "Access-Control-Allow-Origin: *" to the nginx configuration, which makes it score A+ again. But although I would say this setting doesn't do much, there are some clients, mostly Apple and/or slow internet connections, which have problems: they keep buffering or are not able to log in anymore...

 

Posted
9 hours ago, Bartype said:

Hmm, I tried adding something like "Access-Control-Allow-Origin: *" to the nginx configuration, which makes it score A+ again. But although I would say this setting doesn't do much, there are some clients, mostly Apple and/or slow internet connections, which have problems: they keep buffering or are not able to log in anymore...

 

That's surprising, since the server sometimes adds that. Maybe you're adding it in cases in which the server does something different with it, and overwriting the server value. For best compatibility I would just let the value pass through from Emby Server if you can.
