Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 15 Wiki Activity
Files
cc1e8af76192dceded57af666ae9feb48ce34d6d
sofarr/public
History
Gronod cc1e8af761
All checks were successful
Build and Push Docker Image / build (push) Successful in 19s
Details
CI / Security audit (push) Successful in 28s
Details
fix: proxy cover art through server to satisfy CSP img-src 'self' 
The new CSP blocks direct browser requests to external image origins
(themoviedb.org, thetvdb.com, etc.) used for poster art.

- dashboard.js: add GET /api/dashboard/cover-art?url=... proxy endpoint
  (auth-required, http/https only, image content-type validated, 5MB cap,
  24h Cache-Control, streams response directly to client)
- app.js: route coverArt src through /api/dashboard/cover-art proxy
- server/utils/logger.js: fix hardcoded /app/server.log path (use DATA_DIR)
2026-05-17 07:24:15 +01:00
..
images
fix(security #5): remove plaintext logging of Emby auth response and user object
2026-05-16 16:17:43 +01:00
app.js
fix: proxy cover art through server to satisfy CSP img-src 'self'
2026-05-17 07:24:15 +01:00
favicon-32.png
feat: add favicon from sofarr-logoonly.png
2026-05-16 15:34:24 +01:00
favicon-192.png
feat: add favicon from sofarr-logoonly.png
2026-05-16 15:34:24 +01:00
favicon.ico
feat: add favicon from sofarr-logoonly.png
2026-05-16 15:34:24 +01:00
index.html
feat: add 'Keep me logged in' checkbox to login form
2026-05-16 17:15:28 +01:00
style.css
feat: add 'Keep me logged in' checkbox to login form
2026-05-16 17:15:28 +01:00