Luke 37090 Posted August 21, 2018 Share Posted August 21, 2018 Yes we can remove that script tag. 1 Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 22, 2018 Author Share Posted August 22, 2018 Yes we can remove that script tag. Cool, thanks for even considering it! I suspect emby will head down the Content Security Policy road one day anyway, this will help when you do.. Inline scripts are the easiest way to get into a website, the CSP will block all inline scripts to secure the page, and that's all we are trying to do here.. Link to comment Share on other sites More sharing options...
Luke 37090 Posted August 22, 2018 Share Posted August 22, 2018 I've added a CSP to the test version here: https://emby.media/community/index.php?/topic/61079-3603-db-changes/ Thanks. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 22, 2018 Author Share Posted August 22, 2018 (edited) I've added a CSP to the test version here: https://emby.media/community/index.php?/topic/61079-3603-db-changes/ Thanks. wow, that's risky buddy.. Great now I'm going to have to download the new beta... lol I was holding off a bit, because I didn't want to be stuck in a particular database scheme if you were changing it again. I'm scared......... But I guess I'll make the move. What is still not working in that beta? Edited August 22, 2018 by pir8radio 1 Link to comment Share on other sites More sharing options...
Luke 37090 Posted August 22, 2018 Share Posted August 22, 2018 Just try it standalone and there's nothing to worry about. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 22, 2018 Author Share Posted August 22, 2018 Just try it standalone and there's nothing to worry about. Can i run the stand alone side by side without them screwing with each others DB? I would like to run it looking at the same media so i can compare db speeds... Link to comment Share on other sites More sharing options...
chef 3746 Posted August 23, 2018 Share Posted August 23, 2018 When I added CSP to my domain it really did a number on emby loading. But I look forward to it being implement Ed by professionals. Link to comment Share on other sites More sharing options...
Luke 37090 Posted August 23, 2018 Share Posted August 23, 2018 I'm probably going to just remove it because it will just be unnecessary troubleshooting coming our way. Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 23, 2018 Author Share Posted August 23, 2018 (edited) I'm probably going to just remove it because it will just be unnecessary troubleshooting coming our way. Yea, I would wait to go full on CSP built into emby. But you can still get rid of that one inline script lol Let us fine tune the CSP in our proxy then move toward implementing it later. Edited August 23, 2018 by pir8radio Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 24, 2018 Author Share Posted August 24, 2018 Another thing you need to add to your CSP's is mb3admin I'm starting to get complaints from end users that their client is asking them to register emby. This is because the clients cant "phone home" to emby to confirm the servers device count and what not. Ill add this to mine and test.. I'll add a CSP forum post to cover everything. We can test and hopefully one day hand off to luke a working and painless CSP. Link to comment Share on other sites More sharing options...
makarai 108 Posted August 24, 2018 Share Posted August 24, 2018 Also some clients get on the regular 'a stream unavailable' message Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted August 24, 2018 Author Share Posted August 24, 2018 Also some clients get on the regular 'a stream unavailable' message i have not seen this. what clients? Link to comment Share on other sites More sharing options...
makarai 108 Posted August 24, 2018 Share Posted August 24, 2018 i have not seen this. what clients? 2 different clients on latest chrome. I personally never run into any real emby problems, and i typically check on all the clients i have available (nvidia shield with emby app, kodi, chrome mobilephone, chrome pc). Since i am fairly new to all of this i adopted the following methodology when i change something on my reverse proxy, by now i have a fairly complex HAproxy on Pfsense config, not sure if someone would benefit from it. mb.doman.org -> haproxy (passes both domain to the backend, each domain can pass different configurations) -> same backend mbtest.domain.org Link to comment Share on other sites More sharing options...
makarai 108 Posted September 19, 2018 Share Posted September 19, 2018 @@pir8radio May i ask what your setup is? do you run a firewall and if so which ? For me its wan -> pfsense + haproxy package -> emby server Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted September 19, 2018 Author Share Posted September 19, 2018 (edited) @@pir8radio May i ask what your setup is? do you run a firewall and if so which ? For me its wan -> pfsense + haproxy package -> emby server WAN--Cloudflare------Firewall--nginx--emby The firewall defaults to block all except TCP 80 & 443 Edited September 19, 2018 by pir8radio Link to comment Share on other sites More sharing options...
makarai 108 Posted September 20, 2018 Share Posted September 20, 2018 Which Firewall are you using Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted September 20, 2018 Author Share Posted September 20, 2018 Which Firewall are you using It's always good to keep that info private.. lol 1 Link to comment Share on other sites More sharing options...
makarai 108 Posted September 20, 2018 Share Posted September 20, 2018 Would you mind sending me a pm so I can copy your setup Link to comment Share on other sites More sharing options...
Swynol 375 Posted September 20, 2018 Share Posted September 20, 2018 i have similar to pir8radio. wan - cloudflare - IPS - Firewall - nginx - servers Link to comment Share on other sites More sharing options...
bfir3 114 Posted September 26, 2018 Share Posted September 26, 2018 This is awesome information. I just tested my server and I got an F, lol. Looks like I will be digging into this tonight. Link to comment Share on other sites More sharing options...
makarai 108 Posted October 22, 2018 Share Posted October 22, 2018 WAN--Cloudflare------Firewall--nginx--emby The firewall defaults to block all except TCP 80 & 443 Hey, may i ask what cloudflare settings you use, i.e. flexible full or full strict, or do you just use it as a dns ? Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted October 22, 2018 Author Share Posted October 22, 2018 Hey, may i ask what cloudflare settings you use, i.e. flexible full or full strict, or do you just use it as a dns ? you mean under crypto? Full. Had to go with full because of how I hide my origin server.. Link to comment Share on other sites More sharing options...
makarai 108 Posted October 23, 2018 Share Posted October 23, 2018 you mean under crypto? Full. Had to go with full because of how I hide my origin server.. OK, thanks. Link to comment Share on other sites More sharing options...
RobWayBro 27 Posted October 23, 2018 Share Posted October 23, 2018 Made it to an A+ also, without loss of connectivity.. . 1 Link to comment Share on other sites More sharing options...
jachin99 82 Posted March 28, 2020 Share Posted March 28, 2020 Are you all making changes directly to the web app, or are you all using proxies? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now