Fix #90
Fix #90
Conversation
Makhuta
commented
Feb 18, 2025
Makhuta
commented
- fixed the issue with the redirect being security threat
- logging all used/possible images for fanart/poster
|
Wow @Makhuta I didnt think you would even see my message, let alone provide a fix so quickly! Thank you so much! Ill check it out. |
|
Yeah, I was just readying myself to go to bed and I got the notification 😄 |
|
Let me know if any other issue arisees 😄 Won't mind the ping if the fix go through 😁 |
Ill let you know if this is good enough or not. Thanks again for the quick response! |
|
@Makhuta Sorry to bother you again. This is the response I got: It's better, but you are still providing an unauthenticated endpoint. Any ideas how to satisfy his request? |
|
OMG... Then it needs to be changed by downloading the images into some folder and providing like that so the only access would be inside the integration and everything else will be already cached inside HA Edit: I will look into it later today. |
Are there any cases where new images wouldn't be downloadable/available to the integration from the Plex server? |
|
I don't think so and even if there was this could be checked in the current redirect which will also need rewrite acording to the necessary changes |
|
Just made pull request @mkanet hope it will now suffice 🤞 |
|
@Makhuta unfortunately, he said this is actually worse. However, he offered a solution. Do you think you could use the solution he offered? I think this is the only way he will approve this integration from being added to HACS. Ludeeus — Yesterday at 10:04 PM https://www.home-assistant.io/blog/2021/01/22/security-disclosure/ It is the only option. |
|
Maaaan I understand the issue but this is so frustrating. Ok I will look into it. 😑 |
Yeah, I know it sucks. Unfortunately, this appears to be the only way we can get this integration approved on HACS. |
|
BTW if you have Discord you can contact me here |
2 participants
