You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds a new EnableLegacyAuthorization configuration option to system.xml. It defaults to true (keep legacy methods working) but we will add a migration to change it to false in the future before entirely removing the old authorization methods.
For now the option can be used by (client-)developers to find network requests using a wrong authorization method.
The only method we'll allow is the Authorization header with MediaBrowser scheme and the ApiKey query parameter. The other headers (X-Emby-Authorization, X-Emby-Token, X-MediaBrowser-Token), query parameter (api_key) and authorization scheme (Emby) are all deprecated.
We've warned for these changes for almost 2 years using this gist we share almost weekly to people developing for Jellyfin.
Note: It is currently not possible to use jellyfin-web without legacy authorization (unable to sign in due to this line in the archived JS apiclient).
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Adds a new
EnableLegacyAuthorizationconfiguration option tosystem.xml. It defaults totrue(keep legacy methods working) but we will add a migration to change it tofalsein the future before entirely removing the old authorization methods.For now the option can be used by (client-)developers to find network requests using a wrong authorization method.
The only method we'll allow is the
Authorizationheader withMediaBrowserscheme and theApiKeyquery parameter. The other headers (X-Emby-Authorization,X-Emby-Token,X-MediaBrowser-Token), query parameter (api_key) and authorization scheme (Emby) are all deprecated.We've warned for these changes for almost 2 years using this gist we share almost weekly to people developing for Jellyfin.
Note: It is currently not possible to use jellyfin-web without legacy authorization (unable to sign in due to this line in the archived JS apiclient).
Issues