Yes, I host everything public with Cloudflare tunnels. Everything more heavy is VPN with DDNS on invite basis to friends and fam. For the former it’s hassle-free HTTPS, no reverse proxy, no firewall, no nonsense.
It’s such a culture shock in this comment section but FOSS MalDev is absolutely not as uncommon as you might think. A nice trip down the VxUnderground rabbit hole compiling and deploying some samples is tons of fun for an afternoon for any casual Ghidra enjoyer.
Damn. Big shame. GPL violations are far too fucking common.
Yes exactly, but which parties? Who actually violated the GPL of Duckstation?
Which GPL violations is he referring to?
That’s awesome. Glad we’re finally automating the most important things in life - internet arguments.
So basically you’re using Unix sockets on your LAN level between nginx and internal machines for finer grained access control and because you’re running out of ports. That’s really cool! I’ll have to read into this myself.
Compatible with Unix sockets?
How does this (or 12ft.io for that matter) actually work? Client-side trickery? Magic cookies? Something like adblock?
EDIT: Apparently it just blocks JS and disguises itself as an SE crawler. This still doesn’t work on sites like Bloomberg, and if I understand correctly nothing can be done there.
That’s a lot of work. Thanks though.
Is there a way to do reverse tunnels, or something like it, so not opening any ports at all on the network, without Cloudflare?
Closest to that XP I got was generating VPN keys and distributing them to close friends, running DDNS (no-ip) on my Pi with a PiVPN server and then accessing Jellyfin that way.
None. Dashy’s authentication was famously literally security theatre even with Keycloak. You could just pause the load in browser and have full access to the config. Because it let you iframe whatever you could now do so with local services to enum. Somehow Jellyfin is unbustable though. So it’s a bit of a crapshoot. Look at past vulnerabilities. Stuff like XSS unless stored you don’t need to worry about, clickjacking, tab nabbing etc. On the other hand anything that’s arbitrary file read, SQLI, RCE, LFI, RFI, SSRF etc. I would look at seriously. E.g. don’t make your 13ft public because it can be used to literally enumerate your entire private network.