fix: security hardening and code review improvements
Build and Push Docker Image / build (push) Successful in 12s
Build and Push Docker Image / build (push) Successful in 12s
- hls proxy now signs full URL instead of hostname only (SSRF) - viewer token required to start session (prevents stats forgery and password bypass) - weak SECRET_KEY placeholder replaced with REPLACE_ME, startup warning added - api key auth drops query-string fallback, Bearer header only - hls variant playlist DRM detection fetches first variant - dash manifest DRM detection added - android webview detection restricted to Telegram only - privacy comment removed from ip hash (ip is stored in plaintext) - csv export adds range filter (today/7d/30d/all), defaults to 30d - analytics export button integrated as dropdown with range selection - docker-compose placeholder defaults updated - readme and readme.zh-cn updated for v1.2.0 changes
This commit is contained in:
+2
-1
@@ -1,8 +1,9 @@
|
||||
/*
|
||||
@license
|
||||
Shaka Player
|
||||
Shaka Player v4.10.6
|
||||
Copyright 2016 Google LLC
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
Source: https://github.com/shaka-project/shaka-player/releases/tag/v4.10.6
|
||||
*/
|
||||
(function(){var innerGlobal=typeof window!="undefined"?window:global;var exportTo={};(function(window,global,module){/*
|
||||
|
||||
|
||||
Reference in New Issue
Block a user