Fix version 4.9 log-viewer paths hard coding

app/Providers/AppServiceProvider.php

@@ -115,8 +115,11 @@ public function boot()
 		 */
 		LogViewer::auth(function ($request) {
 			// We must disable unsafe-eval because vue3 used by log-viewer requires it.
+			// We must disable unsafe-inline because log-viewer uses inline script with parameter to boot.
+			// Those parameters are not know by Lychee if someone modifies the config.
 			// We only do that in that specific case. It is disabled by default otherwise.
 			config(['secure-headers.csp.script-src.unsafe-eval' => true]);
+			config(['secure-headers.csp.script-src.unsafe-inline' => true]);
 
 			// Allow to bypass when debug is ON and when env is dev
 			// At this point, it is no longer our fault if the Lychee admin have their logs publically accessible.

config/log-viewer.php

@@ -45,7 +45,7 @@
 	|
 	*/
 
-	'back_to_system_url' => config('app.url', null),
+	'back_to_system_url' => '../', // config('app.url', null),
 
 	'back_to_system_label' => null, // Displayed by default: "Back to {{ app.name }}"
 

config/secure-headers.php

@@ -512,7 +512,6 @@
 					// upload.check()
 					'CL4mGy9ZhHM+PkLDZsWVuM25kEFBv3FXlmWe/O9Unmc=',
 
-					'UGZMnMEgbggabrnTmjaxzU2xHCzzqWszgOgN/xRyKn4=',
 					/*
 	document.addEventListener("DOMContentLoaded", function(event) {
 		document.querySelector("form").addEventListener("submit", function(e){

database/migrations/2023_05_19_131139_bump_version040901.php

@@ -0,0 +1,26 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+
+return new class() extends Migration {
+	/**
+	 * Run the migrations.
+	 *
+	 * @return void
+	 */
+	public function up(): void
+	{
+		DB::table('configs')->where('key', 'version')->update(['value' => '040901']);
+	}
+
+	/**
+	 * Reverse the migrations.
+	 *
+	 * @return void
+	 */
+	public function down(): void
+	{
+		DB::table('configs')->where('key', 'version')->update(['value' => '040900']);
+	}
+};

version.md

@@ -1 +1 @@
-4.9.0
+4.9.1