seemingly as of iOS / macos 26.1, safari started requesting
favicons -- specifically only favicons -- with the incorrect
browser context (they probably forgot to initialize something)
instead of the correct user-agent, it would send:
* iOS: NetworkingExtension/8623.1.14.10.9
* macos: com.apple.WebKit.Networking/21623.1.14.11.9
further, it would NOT send any SameSite=Strict cookies,
which the session-cookie is (for good reason)
putting these two together, safari now looks like a webdav client,
and copyparty sends the only appropriate response (http 401),
resulting in a basic-authentication popup
left with no good options, this is what we can do to mitigate:
* add a new option --ua-nodav which is a regex of user-agents
which are definitely not webdav clients, as macos-finder still
flipflops between WebDAVLib/1.3 and WebDAVFS/3.0.0 like normal
* use the "js=y" cookie as another flag that this is a webbrowser
merry christmas
some reverseproxies do not include a compatible alternative to
x-forwarded-proto by default, while also lacking the option to
set custom headers
add --xf-proto-fb to set a fixed protocol to assume
also closes#1053, a PR which inspired this commit heavily
(slightly different approach for flexibility and performance)
Co-authored-by: Dawson Jeane <dawsonmjeane@gmail.com>
uploading a folder named COMPLE:X into exfat on linux would fail
because exfat behaves like windows, rejecting <>:|?*"\/
this would also fail on windows, but then due to
sanitize_fn being overly aggressive
fix this by detecting filesystem traits on startup and
also translating vpath early on windows
plus these fixes:
* adds a previously missed libvips optimization,
giving much smaller files at the same quality
* try to align the quality-scale of each backend
(pillow, libvips, ffmpeg) by filesize
if x-forwarded-for is present, then also require
x-forwarded-host and x-forwarded-proto
avoids displaying subtly-incorrect values on the connect-page
and instead shows blatantly-incorrect values ("example.com")
the headernames x-forwarded-host and x-forwarded-proto can
be configured with global-options xf-host and xf-proto
* button "dl" in settings UI (always takes precedence)
* global-option and/or volflag "dlni"
* url-parameter ?dlni or ?dlni=0
the preference is applied per-volume when navigating between folders,
unless the settings-button has been toggled, which overrides that
hooks returning exitcode 0 will:
* run the next hook, if any
* allow the original action, unless successive hook opposes
hooks returning exitcode 100 will:
* abort running successive hooks
* allow the original action
hooks returning anything other than 0 or 100 will:
* abort running successive hooks
* REJECT the original action
zmq can now respond with json; a dict with "rc", "rejectmsg",
"reloc" and so on, just like other hooks replying with json
adds functionality to allow browsing .cbz directly in the browser, without downloading them and using a separate program. meant for quickly inspecting the contents, less so for reading.
adds two new api calls, ?zls and ?zget, which return a file listing of a zip file and a specific file in the archive, respectively.
uses the zipfile module, so no support for .cbr etc
Turns the server name into a hyperlink to a spefified URL
Can link back to homepage with `--name-url=/`, controlpanel with
`name-url="/?h"`, or external sites with `name-url="https://foo.bar/"`
on Windows and Macos, most filesystems are case-insensitive,
which can lead to dangerous situations
one example is when another program (not copyparty or its UI) wants to
rename a file from `Foo` to `foo`; the program will probably start by
checking if `foo` exists and then delete it, however this would match
`Foo` and confuse the program into deleting the wrong file
fix this by adding a VERY EXPENSIVE detector to prevent this,
by listing the parent folder and checking if the case matches
this check will auto-enable when a case-insensitive FS is detected on
startup, but option `casechk` (global or volflag) can override this
new options --qr-stdout and --qr-stderr will always print the qr-code
into the console, even if copyparty is running in quiet mode (-q)
closes https://codeberg.org/9001/copyparty/issues/1
