Closed ChucKN0risK closed 3 weeks ago
While the subsonic docs mention generating a new salt for each request I don't think it actually provides any real security benefit...
I'd go for just adding a config option for reusing the salt for all request, feel free to send a PR if you want, otherwise I'll probably do that together with supporting some of the opensubsonic apis when I have some time.
While the subsonic docs mention generating a new salt for each request I don't think it actually provides any real security benefit...
I agree. And I think that's why the Navidrome team save auth info in the LocalStorage and use them for each request.
I'd love to make a PR however I couldn't find any doc in the repo to start the dev environment of the project and test it. I looked at the commands in the package.json
but couldn't find what I needed.
Could you add some doc to help me started please?
The main issue I have is that all URLs returned by the getCoverArt
method are different even if parameters are the same. Which prevent the browser to cache the image for each song in a list.
I decided to change the API a bit for 3.0, you can now specify a salt to use for all requests or use POST requests with servers that support that opensubsonic extension.
Thanks a lot 🙏 I'll try this out ;)
The authentication token
t
and salts
parameter values are dynamic and change on every request (as I can see here). I suspect this happens on each request whatever the method. I've witnessed this with thegetArtists
andgetCoverArt
methods so far.This prevents the browser from caching images returned by the
getCoverArt
method which is definitely not optimal performance wise.Is there a solution?
Thanks in advance ;)