Archive/screentinker
1
0
Fork 0
mirror of https://github.com/screentinker/screentinker.git synced 2026-05-15 07:32:23 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
screentinker/server
History
ScreenTinker a3551a2654 Player: only request fullscreen on real user clicks 
The remote-control feature dispatches synthetic click events on the
player when the dashboard forwards touches. The global click handler
called requestFullscreen() on every click, but the browser only honors
that API for trusted user gestures — synthetic events rejected with
"Permissions check failed" / "API can only be initiated by a user
gesture", spamming the console for the duration of any remote session.

Gate the fullscreen request on event.isTrusted. Local user clicks still
trigger fullscreen; remote-control taps no longer try (and fail).
Bumped SW cache to v8.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 16:13:58 -05:00
..
db Add media folder organization to content library 2026-04-28 10:13:36 -05:00
middleware Fix UTF-8 encoding for special characters in filenames 2026-04-28 10:13:41 -05:00
player Player: only request fullscreen on real user clicks 2026-04-28 16:13:58 -05:00
routes Security: fix IDORs, XSS, rate limits, SSRF validation 2026-04-28 14:37:18 -05:00
services Add group-level scheduling, group playlist assignment, and persist audio unlock 2026-04-15 20:22:42 -05:00
ws Security: fix IDORs, XSS, rate limits, SSRF validation 2026-04-28 14:37:18 -05:00
config.js Add DISABLE_REGISTRATION env var to block public sign-ups 2026-04-22 19:35:32 -05:00
package-lock.json Security: fix IDORs, XSS, rate limits, SSRF validation 2026-04-28 14:37:18 -05:00
package.json Security: fix IDORs, XSS, rate limits, SSRF validation 2026-04-28 14:37:18 -05:00
server.js Fix screenshot fallback query and API 404 hang 2026-04-28 14:49:10 -05:00