Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 15 Wiki Activity
Files
cc1e8af76192dceded57af666ae9feb48ce34d6d
sofarr/server/routes
History
Gronod cc1e8af761
All checks were successful
Build and Push Docker Image / build (push) Successful in 19s
Details
CI / Security audit (push) Successful in 28s
Details
fix: proxy cover art through server to satisfy CSP img-src 'self' 
The new CSP blocks direct browser requests to external image origins
(themoviedb.org, thetvdb.com, etc.) used for poster art.

- dashboard.js: add GET /api/dashboard/cover-art?url=... proxy endpoint
  (auth-required, http/https only, image content-type validated, 5MB cap,
  24h Cache-Control, streams response directly to client)
- app.js: route coverArt src through /api/dashboard/cover-art proxy
- server/utils/logger.js: fix hardcoded /app/server.log path (use DATA_DIR)
2026-05-17 07:24:15 +01:00
..
auth.js
feat(security): production hardening for external deployment
2026-05-17 06:47:25 +01:00
dashboard.js
fix: proxy cover art through server to satisfy CSP img-src 'self'
2026-05-17 07:24:15 +01:00
emby.js
fix(security #15): read API keys from process.env at request time
2026-05-16 16:26:53 +01:00
radarr.js
fix(security #15): read API keys from process.env at request time
2026-05-16 16:26:53 +01:00
sabnzbd.js
fix(security #15): read API keys from process.env at request time
2026-05-16 16:26:53 +01:00
sonarr.js
fix(security #15): read API keys from process.env at request time
2026-05-16 16:26:53 +01:00