alexei.dolgolyov/media-player-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 20 Wiki Activity
Files
v0.3.1
media-player-server/RELEASE_NOTES.md
T
alexei.dolgolyov 82710c6457
Lint & Test / test (push) Has been skipped
Details
Release / create-release (push) Successful in 4s
Details
Release / build-linux (push) Successful in 28s
Details
Release / build-windows (push) Successful in 52s
Details
chore: release v0.3.1
2026-05-25 23:45:08 +03:00

1.3 KiB
Raw Permalink Blame History

v0.3.1 (2026-05-25)

Hotfix for the v0.3.0 production-readiness release: the new WebSocket Origin allow-list rejected same-origin connections from any LAN IP, breaking the Web UI on host: 0.0.0.0 deployments unless cors_origins was explicitly configured.

Bug Fixes

  • WebSocket Origin check now accepts same-origin connections. When cors_origins is unset, the default allow-list was hard-coded to http://localhost:<port> + http://127.0.0.1:<port>, so a browser opening the UI via the LAN IP (e.g. http://192.168.2.100:8765) had its WebSocket closed with code 4003 ("Origin not allowed") and never recovered. The endpoint now also accepts any Origin whose authority matches the request's Host header (with either http:// or https:// scheme) — same-origin connections are by definition not CSWSH, so the cross-origin defence introduced in v0.3.0 is preserved. (9b9a2b5)
All Commits
Hash Message Author
9b9a2b5 fix(ws): accept same-origin WebSocket connections in default Origin allow-list alexei.dolgolyov
Reference in New Issue View Git Blame Copy Permalink