

FWIW it seems Jellyfin has some application-specific authentication/security bugs that complicate things a bit. Of course the same concepts should generally apply, but some considerations will be different depending on what application you’re exposing.
Those democrats and their “branding” JFC