Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 15 Wiki Activity
Files
5fd55b4e1ab6ff992aec11fc16db7699a8f4f544
sofarr/public/app.js
Gronod cc1e8af761
All checks were successful
Build and Push Docker Image / build (push) Successful in 19s
Details
CI / Security audit (push) Successful in 28s
Details
fix: proxy cover art through server to satisfy CSP img-src 'self' 
The new CSP blocks direct browser requests to external image origins
(themoviedb.org, thetvdb.com, etc.) used for poster art.

- dashboard.js: add GET /api/dashboard/cover-art?url=... proxy endpoint
  (auth-required, http/https only, image content-type validated, 5MB cap,
  24h Cache-Control, streams response directly to client)
- app.js: route coverArt src through /api/dashboard/cover-art proxy
- server/utils/logger.js: fix hardcoded /app/server.log path (use DATA_DIR)
2026-05-17 07:24:15 +01:00

27 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink