arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

fix: don't expose JWT-related errors (#4892)

Browse Source 
The share / public router would expose the parse error of JWTs when
serving images, leading to unnecesasry information disclosure.

Replace any error with a generic "invalid request" as is already done
when serving the streams themselves.
This commit is contained in:
Alex Gustafsson
2026-01-16 12:20:10 +01:00
committed by GitHub
parent 9ab0c2dc67
commit 13be8e6dfb
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/public/handle_images.go
+1 -1
View File
@@ -35,7 +35,7 @@ func (pub *Router) handleImages(w http.ResponseWriter, r *http.Request) {
artId, err := decodeArtworkID(id) artId, err := decodeArtworkID(id)
if err != nil { if err != nil {
log.Error(r, "Error decoding artwork id", "id", id, err) log.Error(r, "Error decoding artwork id", "id", id, err)
http.Error(w, err.Error(), http.StatusBadRequest) http.Error(w, "invalid request", http.StatusBadRequest)
return return
} }
size := p.IntOr("size", 0) size := p.IntOr("size", 0)