Chromecast - Nginx Content Security Policy
sukram230799 opened this issue · 5 comments
The URL for the Chromecast js-file seems to have changed. For this, the CSP in the Nginx-file seems to be wrong and Chromecasting doesn't work while jellyfin is served by nginx.
The old URL was https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
and the new URL seems to be https://www.gstatic.com/eureka/clank/95/cast_sender.js
.
I'm not certain if that is the only valid URL under which the Chromecast file will be served, so I haven't created a pull request for it. But if the URL is changed in the add_header Content-Security-Policy...
for nginx, Chromecasting becomes available again.
@sukram230799, I can confirm the same issue and fix with nginx. What log are you looking at or how did you determine the new URL?
@sbranden It was mentioned in the Chrome DevTools under the networking tab.
Well if it works again, I think it's pretty safe to open a PR :)
@sbranden It was mentioned in the Chrome DevTools under the networking tab.
@sukram230799, @ThibaultNocchi : thanks for the info. I opened up the Chrome DevTools and found there are 3 different accesses to cast_sender.js
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
https://www.gstatic.com/eureka/clank/95/cast_sender.js
https://www.gstatic.com/eureka/clank/96/cast_sender.js
So looks like a change to allow any cast_sender.js in the www.gstatic.com path should be made instead?
I guess that should be safe, I'll look with others