mirror of
https://github.com/screentinker/screentinker.git
synced 2026-06-15 02:33:15 -06:00
After uploading, content thumbnails were blank until the item was added to a playlist/widget. The public /api/content/:id/thumbnail (and /file) endpoints are reference-gated (an anonymous player with a UUID must not pull arbitrary tenants' media), and a plain <img> can't send a Bearer token - so a just-uploaded item 403'd.

- Backend: add an authenticated bypass - a logged-in user who can access the content's workspace (verified from the Bearer token) may view its file/thumbnail even when unreferenced. Anonymous players still hit the reference gate.
- Frontend: the content library lazy-fetches thumbnails/previews WITH the token and swaps in an object URL (IntersectionObserver keeps it under the rate limit; the URL is revoked after load).

Verified: unreferenced thumbnail now 200 with a bearer token, still 403 anonymous.

| Name |
|---|
| assets |
| compare |
| css |
| guides |
| js |
| legal |
| index.html |
| landing.html |
| manifest.json |
| robots.txt |
| sitemap.xml |
| sw-admin.js |