vrr/navidrome
2
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2026-04-28 03:19:38 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fix: don't expose JWT-related errors (#4892)
Some checks are pending
Pipeline: Test, Lint, Build / Build-8 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-9 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Push to GHCR (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Push to Docker Hub (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Cleanup digest artifacts (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build Windows installers (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Package/Release (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Upload Linux PKG (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Get version info (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Lint Go code (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Test Go code (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Test JS code (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Lint i18n files (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Check Docker configuration (push) Waiting to run
Details
Pipeline: Test, Lint, Build / Build (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-1 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-2 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-3 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-4 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-5 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-6 (push) Blocked by required conditions
Details
Pipeline: Test, Lint, Build / Build-7 (push) Blocked by required conditions
Details

Browse source 
The share / public router would expose the parse error of JWTs when
serving images, leading to unnecesasry information disclosure.

Replace any error with a generic "invalid request" as is already done
when serving the streams themselves.
This commit is contained in:
Alex Gustafsson 2026-01-16 12:20:10 +01:00 committed by GitHub
parent 9ab0c2dc67
commit 13be8e6dfb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
server/public/handle_images.go
View file

@ -35,7 +35,7 @@ func (pub *Router) handleImages(w http.ResponseWriter, r *http.Request) {
artId, err := decodeArtworkID(id)
if err != nil {
log.Error(r, "Error decoding artwork id", "id", id, err)
http.Error(w, err.Error(), http.StatusBadRequest)
http.Error(w, "invalid request", http.StatusBadRequest)
return
}
size := p.IntOr("size", 0)