Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 22 Wiki Activity

fix(ui): wire status panel close button via addEventListener
Some checks failed
CI / Security audit (push) Failing after 29s
Details
Docs Check / Markdown lint (push) Successful in 47s
Details
Build and Push Docker Image / build (push) Successful in 1m3s
Details
Licence Check / Licence compatibility and copyright header verification (push) Successful in 1m14s
Details
CI / Tests & coverage (push) Successful in 1m39s
Details
Docs Check / Mermaid diagram parse check (push) Successful in 1m54s
Details

Browse Source 
Inline onclick attribute was silently blocked by the server CSP nonce
policy. Replace with addEventListener after innerHTML is set.

chore: bump version to 1.5.0a
This commit is contained in:
Gronod
2026-05-19 18:51:50 +01:00
parent 3747dab36f
commit 917939a9fc
3 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG.md
View File

@@ -6,6 +6,14 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
--- ---
## [1.5.0a] - 2026-05-19
### Fixed
- **Status panel close button** — the `×` button now correctly hides the status panel and stops the auto-refresh timer. The button was previously using an inline `onclick` attribute which was silently blocked by the server's CSP nonce policy. Replaced with `addEventListener` wired after `innerHTML` is set, consistent with all other button handlers in the application.
---
## [1.5.0] - 2026-05-19 ## [1.5.0] - 2026-05-19
### Changed ### Changed

2
package.json
View File

@@ -1,6 +1,6 @@
{ {
"name": "sofarr", "name": "sofarr",
"version": "1.5.0", "version": "1.5.0a",
"description": "A personal media download dashboard that shows your downloads 'so far' while you relax on the sofa waiting for your *arr services to finish", "description": "A personal media download dashboard that shows your downloads 'so far' while you relax on the sofa waiting for your *arr services to finish",
"main": "server/index.js", "main": "server/index.js",
"scripts": { "scripts": {

5
public/app.js
View File

@@ -812,7 +812,7 @@ function renderStatusPanel(data, panel) {
let html = ` let html = `
<div class="status-header"> <div class="status-header">
<h3>Server Status</h3> <h3>Server Status</h3>
<button class="status-close" onclick="closeStatusPanel()">&times;</button> <button class="status-close" id="status-close-btn">&times;</button>
</div> </div>
<div class="status-grid"> <div class="status-grid">
<div class="status-card"> <div class="status-card">
@@ -886,6 +886,9 @@ function renderStatusPanel(data, panel) {
html += `</tbody></table></div></div>`; html += `</tbody></table></div></div>`;
panel.innerHTML = html; panel.innerHTML = html;
// Wire close button — addEventListener avoids CSP inline handler restrictions
const closeBtn = panel.querySelector('#status-close-btn');
if (closeBtn) closeBtn.addEventListener('click', closeStatusPanel);
// Set bar widths via JS DOM assignment — immune to CSP style-src restrictions // Set bar widths via JS DOM assignment — immune to CSP style-src restrictions
panel.querySelectorAll('.timing-bar[data-w]').forEach(el => { panel.querySelectorAll('.timing-bar[data-w]').forEach(el => {
el.style.width = el.dataset.w + '%'; el.style.width = el.dataset.w + '%';