ScreenTinker b4ac2fb821 Fix broken service worker + device auth rejection on playlist refresh ... Bug 1 (SW): Rewrote service worker fetch handler: - Skip range requests (video seeking) to avoid caching partial responses - Skip non-GET requests entirely - Use ignoreSearch on cache match to avoid query-param misses - Don't cache opaque cross-origin responses - Outer catch on Cache API failures - Don't intercept catch-all requests (let browser handle natively) - Bump cache version to v4 to purge broken cached responses Bug 2 (auth): Playlist refresh register was missing device_token, causing auth rejection every 5 minutes. Fixed by including token in the refresh-register emit. Added diagnostic logging on both client and server for token validation failures. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>		2026-04-13 22:18:08 -05:00
..
db	Phase 3: playlist publish/draft state with auto-publish from device detail	2026-04-13 20:52:29 -05:00
middleware	Security audit remediation: auth, IDOR, XSS, hardening	2026-04-11 22:48:07 -05:00
player	Fix broken service worker + device auth rejection on playlist refresh	2026-04-13 22:18:08 -05:00
routes	Fix 8 security findings from Phase 3 audit + device-detail banner refresh	2026-04-13 21:36:16 -05:00
services	Phase 2: schedules accept playlist_id, scheduler overrides device playlist	2026-04-11 22:07:36 -05:00
ws	Fix broken service worker + device auth rejection on playlist refresh	2026-04-13 22:18:08 -05:00
config.js	Initial open source release	2026-04-08 12:14:53 -05:00
package-lock.json	Initial open source release	2026-04-08 12:14:53 -05:00
package.json	Initial open source release	2026-04-08 12:14:53 -05:00
server.js	Security audit remediation: auth, IDOR, XSS, hardening	2026-04-11 22:48:07 -05:00