ajslater (Owner) commented May 15, 2026
- Fixes
  - Crash on Cleanup Favorites Janitor Job.
- Features
  - Force Update Tags by individual group.
* bump news
* circle ci no longer handles pre-release
* remove alpha scripts for circleci
* fix lint-ci
* fix pre-release gha
* fix default last route on start pages
* bump version
* fix default params
* alpha2

* bump news
* ignore ruff qa for debug build
* ignore shellcheck
* lint
* minor refactors of opds v2 feed

A fresh browser visit to Codex probes /api/v3/auth/profile/ before any
session cookie exists, which Django's BaseHandler.get_response logs as
a WARNING ("Forbidden: /api/v3/auth/profile/") for every first-time
visitor. That drowns the main log in routine noise.
Add a logging.Filter on django.request that downgrades records matching
that exact "Forbidden: <path>" pattern to DEBUG, parameterized by a
small frozenset of known-noisy paths so abuse on other endpoints still
surfaces at WARNING.
Also move django.request into the loggers dict where dictConfig will
actually see it — the old top-level placement was silently ignored.
Records still flow to the root loguru handler via propagation.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
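
The filter described in this commit message can be sketched with the standard library alone. This is an added example, not the project's code: `NOISY_FORBIDDEN_PATHS`, `DowngradeForbiddenFilter`, `ListHandler` and the second path are assumed names and constructed data, and two in-memory handlers stand in for the real sinks.

```python
import logging
import logging.config

# Assumed name; the commit message only says "a small frozenset of known-noisy paths".
NOISY_FORBIDDEN_PATHS = frozenset({"/api/v3/auth/profile/"})

class DowngradeForbiddenFilter(logging.Filter):
    """Demote 'Forbidden: <path>' WARNINGs for known-noisy paths to DEBUG."""
    def __init__(self, paths=NOISY_FORBIDDEN_PATHS):
        super().__init__()
        self.messages = frozenset(f"Forbidden: {path}" for path in paths)

    def filter(self, record):
        # Exact match only, so a 403 on any other endpoint stays at WARNING.
        if record.levelno == logging.WARNING and record.getMessage() in self.messages:
            record.levelno, record.levelname = logging.DEBUG, "DEBUG"
        return True  # never drop the record; each handler's level decides

class ListHandler(logging.Handler):
    """Stand-in sink that keeps (levelname, message) pairs for inspection."""
    def __init__(self):
        super().__init__()
        self.seen = []

    def emit(self, record):
        self.seen.append((record.levelname, record.getMessage()))

LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "filters": {"quiet_probe": {"()": DowngradeForbiddenFilter}},
    "handlers": {
        "main": {"()": ListHandler, "level": "INFO"},
        "debug": {"()": ListHandler, "level": "DEBUG"},
    },
    # Must sit under "loggers": dictConfig ignores unknown top-level keys.
    "loggers": {"django.request": {"level": "DEBUG", "filters": ["quiet_probe"]}},
    "root": {"level": "DEBUG", "handlers": ["main", "debug"]},
}

def demo():
    logging.config.dictConfig(LOGGING)
    log = logging.getLogger("django.request")
    # Constructed records in the "%s: %s" shape of Django's response logging.
    log.warning("%s: %s", "Forbidden", "/api/v3/auth/profile/")
    log.warning("%s: %s", "Forbidden", "/api/v3/constructed/other/")
    sinks = [h for h in logging.getLogger().handlers if isinstance(h, ListHandler)]
    return {logging.getLevelName(h.level): h.seen for h in sinks}
```

The INFO-level sink receives only the 403 for the unlisted path, while the DEBUG-level sink still holds the demoted probe record, so nothing is lost for troubleshooting.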
Add not_failed_login_filter and attach it to the stdout / codex.log
sinks so the IP-bearing line is written only to failed_logins.log.
Django's own request logger still emits a bare WARNING for each
failed attempt ("Unauthorized: /api/v3/auth/login/" etc.) so the
failure remains visible in codex.log without exposing the client IP.
Concentrating IP + username in one file makes the privacy story
easier to reason about: one file to chmod, forward to a SIEM, or
retain on its own schedule.
The inverse filter is only attached when the feature is enabled —
when disabled, no records carry the tag and the filter would be a
no-op anyway.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
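
The sink routing this commit message describes, as an added example that is not the project's code. It uses standard-library handlers in place of the loguru sinks; the tag name `failed_login`, the detail-line format, the user name and the documentation IP address are all constructed assumptions.

```python
import io
import logging

TAG = "failed_login"  # assumed tag name; the page does not give the real one


def failed_login_filter(record):
    """Accept only records tagged as failed-login detail lines."""
    return bool(getattr(record, TAG, False))


def not_failed_login_filter(record):
    """Inverse filter for the general sinks: reject the tagged lines."""
    return not failed_login_filter(record)


def build(feature_enabled=True):
    """Return (logger, main_buf, failed_buf) standing in for codex.log / failed_logins.log."""
    main_buf, failed_buf = io.StringIO(), io.StringIO()
    main = logging.StreamHandler(main_buf)
    logger = logging.Logger("constructed.codex")  # standalone, touches no global config
    logger.addHandler(main)
    if feature_enabled:
        # Attach the pair only when the feature is on; otherwise nothing is tagged.
        main.addFilter(not_failed_login_filter)
        failed = logging.StreamHandler(failed_buf)
        failed.addFilter(failed_login_filter)
        logger.addHandler(failed)
    return logger, main_buf, failed_buf


def demo(feature_enabled=True):
    logger, main_buf, failed_buf = build(feature_enabled)
    if feature_enabled:
        # Constructed detail line; 203.0.113.7 is a documentation address (RFC 5737).
        logger.warning("Failed login user=%s ip=%s", "alice", "203.0.113.7",
                       extra={TAG: True})
    # The bare line Django's request logger emits, carrying no client IP.
    logger.warning("%s: %s", "Unauthorized", "/api/v3/auth/login/")
    return main_buf.getvalue().splitlines(), failed_buf.getvalue().splitlines()
```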
…n groups (#762)

The browser table-view PR (#745) routed group-row scalar / M2M sort through ``scalar_intersection_sort_expr`` / ``m2m_intersection_sort_expr`` for every view mode. Intersection returns NULL when a group's children disagree on the sorted field, which is correct for table view (sort matches the intersection cell display) but blanks the order_value caption beneath cover-mode cards for any group with mixed children. The user reported this for Publish Date across publishers, series, and folders.

Gate the intersection branch on ``view_mode == "table"`` so cover mode falls back to the pre-table-view aggregate (Min/Max/Avg/Sum) for scalars and ``sort_name`` for M2M.

Regression test reproduces the user's scenario: a "Mixed" series with children at year=2018 and year=2024 returned orderValue=null before; now returns "2018" (Min aggregate).

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Three coupled issues prevented browsing the dev server from a second machine on the LAN.

bin/dev-server.sh
- Drop ``export VITE_HOST=localhost`` default. It overrode Django's ``_vite_dev_server_host()`` auto-derivation, so even with mDNS resolution working, django-vite rendered ``<script src="http://localhost:5173/...">`` and LAN browsers tried to load the bundle from their own loopback.

frontend/vite.config.js
- ``server.cors.origin``: Vite 6+ defaults to a regex matching only ``localhost`` / loopback origins. Cross-origin fetches from the Django dev server (``http://<host>:9810``) to the Vite dev server (``http://<host>:5173``) returned ``Vary: Origin`` without ``Access-Control-Allow-Origin`` and the browser blocked the scripts. Mirror ``allowedHosts`` into a port-agnostic CORS regex.
- ``server.hmr.host``: with ``server.host: true``, Vite bakes ``localhost`` into the HMR client's ``directSocketHost`` / ``socketHost`` strings. LAN browsers then opened the HMR WebSocket against their own loopback and got ERR_CONNECTION_REFUSED. Set ``hmr.host`` to the same ``VITE_HOST`` / mDNS-mangled hostname Django uses for the ``<script src>`` so the embedded URL agrees with where the page actually loaded the module from.
- Include the resolved host in ``allowedHosts`` so an explicit ``VITE_HOST=...`` override (not matching ``os.hostname()``) is also trusted by Vite's host-header check and the new CORS regex.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Each MetadataText value rendered with `overflow-y: scroll`, which forces a scrollbar even when no max-height is set. Chromium-based Edge on Windows draws classic scrollbar arrow buttons on every forced scrollbar, producing visible up/down chevrons next to single-line values like the publisher, bookmark progress, and date. Other Chromium browsers don't draw the arrows, so this only manifested on Edge.

Switch to `overflow-y: auto` so the scrollbar only appears for the two fields that actually need it (Summary and Review, which have `max-height: 100`). The `isOverflow` measurement still works since it compares `clientHeight` to `scrollHeight`, which is identical under `auto`.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Override v-window's default touch handlers in the horizontal pager so left/right swipes route through ``routeToDirection`` instead of trying to flip between the (disabled) v-window items. Mirrors the keyboard arrow behavior, so RTL handling is automatic via ``normalizeDirection``.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…ty (#768)

JanitorCleanupFavoritesTask was wired into janitor dispatch, nightly queueing, and the admin task map, but missing from _SCRIBE_TASK_PRIORITY. When the task hit the scribe queue, tuple.index() raised ValueError, the put silently failed, and "Cleanup Orphans Favorites" stayed pending forever.

Add it to the priority tuple and align Bookmarks/Settings ordering with _NIGHTLY_TASK_CLASSES so the two tuples stay in sync.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>