Remote User Access - Access Token is invalid or expired


Go to solution Solved by Luke,

Posted (edited)

No, I'm using httpd, but I imagine you could modify it to fit Nginx syntax.

Quote

Header always set Content-Security-Policy "default-src 'self' *.gstatic.com mediabrowser.github.io mb3admin.com; style-src 'self' 'unsafe-inline'; media-src 'self' blob: 'self'; worker-src 'self' blob: 'self'; script-src 'self' *.gstatic.com; img-src 'self' *.thetvdb.com *.tmdb.org github.com raw.githubusercontent.com mediabrowser.github.io"

 

Edited by Lessaj
  • Thanks 1
Posted

Will try when I get the time, need to travel for work the coming week.

Nvitalian
Posted

I appreciate everyone's help. I think the root cause is that this is running as a TrueNAS "App" versus me building out the container myself. No big deal at this point. If external users use Emby Connect, they are able to come into the server without the token issue.

Thanks again.

  • Like 2
  • Thanks 1
  • 2 months later...
sukerbole1
Posted

I ran into this exact same issue. My setup is the following:

  • NGINX Proxy Manager in docker
  • Emby in docker
  • *.domain.com setup for SSL
  • emby.domain.com added as proxy host to the localip:port
     

Website is all good. Android apps did not work. Adding the location from earlier in the thread fixed it.

 

 

Neminem
Posted (edited)

@sukerbole1 Just got back to this again 🤣😂

So my custom location now looks like this, love it 👍 Thanks @Lessaj

add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-Permitted-Cross-Domain-Policies "master-only" always;
add_header Pragma "no-cache" always;
add_header Cache-Control "no-store" always;
add_header Content-Security-Policy "default-src 'none'; child-src 'self'; font-src 'self' data:; connect-src 'self' wss: ws: https://mb3admin.com https://github.com/MediaBrowser/; media-src 'self' blob: data: https://github.com/MediaBrowser/; manifest-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; worker-src 'self' blob:; script-src 'self' https://sub.YOUR-Domain.com. https://www.gstatic.com; img-src data: https: http:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; report-to https://magicc.report-uri.com/r/d/csp/reportOnly;" always;

 

Edited by Neminem
  • Like 1
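
A small linter for `add_header` blocks like the one above, added here as an example and not code from any poster in this thread. It flags a header set twice with different values, a CSP `report-to` directive given a URL (CSP expects a reporting group name there; URLs belong in `report-uri`), and scheme-wide or `'unsafe-inline'` sources. The function names and the shortened sample are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the header block posted above.
SAMPLE = '''
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Permitted-Cross-Domain-Policies "master-only" always;
add_header Content-Security-Policy "default-src 'none'; img-src data: https: http:; style-src 'self' 'unsafe-inline'; report-to https://magicc.report-uri.com/r/d/csp/reportOnly;" always;
'''

ADD_HEADER = re.compile(r'^\s*add_header\s+(\S+)\s+"([^"]*)"', re.M)
BROAD = {"http:", "https:", "*", "'unsafe-inline'", "'unsafe-eval'"}

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; the first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def lint(conf):
    """Return a list of (finding, header-or-directive, values) tuples."""
    findings = []
    seen = defaultdict(list)
    for name, value in ADD_HEADER.findall(conf):
        seen[name.lower()].append(value)
    # nginx emits every add_header at the same level, so both values are sent.
    for name, values in seen.items():
        if len(set(values)) > 1:
            findings.append(("conflicting-duplicate", name, values))
    for value in seen.get("content-security-policy", []):
        for directive, sources in parse_csp(value).items():
            if directive == "report-to":
                # report-to names a reporting group; a URL here is not a valid value.
                if any("/" in s or ":" in s for s in sources):
                    findings.append(("report-to-url", directive, sources))
            elif directive != "report-uri":
                broad = [s for s in sources if s in BROAD]
                if broad:
                    findings.append(("broad-source", directive, broad))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
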
