When you download/save proxified media, the original filename is lost. That
information could be retained by passing a header `Content-Disposition: inline;
filename="ORIGNAL_FILENAME.EXT"` when serving the media file. The requested URL
would still be obfuscated, but if the client downloads the file it'll use that
original filename.
Since go-webauthn v0.11.0, the backup eligibility flag is strictly validated, but Miniflux does not store this flag.
This workaround to set the flag based on the parsed response, and avoid "BackupEligible flag inconsistency detected during login validation" error.
See https://github.com/go-webauthn/webauthn/pull/240
When a server returns a 304 response with a strong validator, any other
stored fields must be updated if they are also present in the response.
This behaviour is described in RFC9111, sections 3.2 and 4.3.4.
Shared entry does not link to any user and therefore should not display
any saved progression. Curiously, the progression of a user (the one that shared ?)
was still integrated in the page. This does not make sens regarding the sharing
feature itself. It is also a leak of user personal information onto a public page.
I simply removed the data from the template when the user object is not present.
I tested the change on "regular" entry page, ensuring the save progression feature
still works, and on shared page checking if any error happened in the JavaScript console.
Everything seems in order.
When upgrading my installation, I noticed that `miniflux -migrate` does
not provide any output by default. This can be a bit confusing since one
cannot be sure whether anything has happened. Use `Info` instead of
`Debug` to provide some basic output by default.
[LibreJS][0] is a browser extension developed by GNU which ensures only Free (libre) JavaScript is run. To determine whether given JavaScript is Free, LibreJS consults metadata included in the JavaScript file. Since Miniflux is Free Software, getting its JavaScript to work when LibreJS is installed is just a matter of adding license metadata to the returned JavaScript source.
[0]: https://www.gnu.org/software/librejs/index.html
Currently there's no way through the API to mimic the Unread page of the client.
This is now possible by filtering on globally_visible=true and status=unread.
