Use backend to proxy jellyfin, sonarr and radarr requests to hide the api keys from the browser
Opened this issue · 0 comments
oxixes commented
I understand that this is something that will probably change in the future, but I'll remark it still just in case. The Sonarr / Radarr api key is exposed when clicking "Request [something]+", which could lead to unauthorized users to take control over these platforms, so the server should do the requests to sonarr / radarr, acting as a middle man, to avoid the keys being leaked.
Thanks for creating this project, I'll try to help and contribute to it in the near future!