Chromecast - Nginx Content Security Policy

Question

Chromecast - Nginx Content Security Policy

sukram230799 opened this issue 3 years ago · 5 comments

The URL for the Chromecast js-file seems to have changed. For this, the CSP in the Nginx-file seems to be wrong and Chromecasting doesn't work while jellyfin is served by nginx.

The old URL was https://www.gstatic.com/cv/js/sender/v1/cast_sender.js and the new URL seems to be https://www.gstatic.com/eureka/clank/95/cast_sender.js.

I'm not certain if that is the only valid URL under which the Chromecast file will be served, so I haven't created a pull request for it. But if the URL is changed in the add_header Content-Security-Policy... for nginx, Chromecasting becomes available again.

Answer 1 · 2021-12-13T05:10:05.000Z

@sukram230799, I can confirm the same issue and fix with nginx. What log are you looking at or how did you determine the new URL?

Answer 2 · 2021-12-13T06:37:06.000Z

@sbranden It was mentioned in the Chrome DevTools under the networking tab.

Answer 3 · 2021-12-13T09:13:23.000Z

Well if it works again, I think it's pretty safe to open a PR :)

Answer 4 · 2021-12-13T20:36:19.000Z

@sbranden It was mentioned in the Chrome DevTools under the networking tab.

@sukram230799, @ThibaultNocchi : thanks for the info. I opened up the Chrome DevTools and found there are 3 different accesses to cast_sender.js

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
https://www.gstatic.com/eureka/clank/95/cast_sender.js
https://www.gstatic.com/eureka/clank/96/cast_sender.js

So looks like a change to allow any cast_sender.js in the www.gstatic.com path should be made instead?

Answer 5 · 2021-12-14T09:47:54.000Z

I guess that should be safe, I'll look with others