[BUG] Jellyfin: add_header lines in ssl.conf not applying due to commit 6f715575

[jarelllama]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

In the current jellyfin.subdomain.conf.sample, the line add_header Access-Control-Allow-Origin "luna://com.webos.service.config" always; prevents the add_header lines in ssl.conf from applying.

For example, in ssl.conf, none of the uncommented headers are used:

# Optional additional headers
#add_header Cache-Control "no-transform" always;
add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always;
#add_header Permissions-Policy "interest-cohort=()" always;
add_header Referrer-Policy "same-origin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
#add_header X-UA-Compatible "IE=Edge" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";

Expected Behavior

The uncommented headers in ssl.conf should apply.

Steps To Reproduce

1. Use the default provided jellyfin.subdomain.conf.sample config.
2. Access Jellyfin
3. Using the browser's web developer tools, notice none of the uncommented headers in ssl.conf are present
4. Remove add_header Access-Control-Allow-Origin "luna://com.webos.service.config" always; from jellyfin.subdomain.conf
5. Check the headers in the browser again and notice they now appear

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[quietsy]

Fixed by #765, reopen if necessary.

[LinuxServer-CI]

This issue is locked due to inactivity