fix: don't expose JWT-related errors (#4892)

The share / public router would expose the parse error of JWTs when serving images, leading to unnecesasry information disclosure. Replace any error with a generic "invalid request" as is already done when serving the streams themselves.
2026-01-16 12:20:10 +01:00
parent 9ab0c2dc67
commit 13be8e6dfb
1 changed files with 1 additions and 1 deletions
@@ -35,7 +35,7 @@ func (pub *Router) handleImages(w http.ResponseWriter, r *http.Request) {
 	artId, err := decodeArtworkID(id)
 	if err != nil {
 		log.Error(r, "Error decoding artwork id", "id", id, err)
-		http.Error(w, err.Error(), http.StatusBadRequest)
+		http.Error(w, "invalid request", http.StatusBadRequest)
 		return
 	}
 	size := p.IntOr("size", 0)