chris/frigate
1
0
Fork 0
forked from Github/frigate
Code Pull Requests Packages Activity

Security fixes (#8081)

Browse Source 
* use safeloader

* use json responses wherever possible

* remove CORS and add CSRF token

* formatting fixes

* add envjs back

* fix baseurl test
This commit is contained in:
Blake Blackshear
2023-10-06 22:20:30 -05:00
committed by GitHub
parent 9a4f970337
commit 14d2b79c72
24 changed files with 1357 additions and 488 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/components/CameraImage.jsx
View File

@@ -58,7 +58,7 @@ export default function CameraImage({ camera, onload, searchParams = '', stretch
if (!config || scaledHeight === 0 || !canvasRef.current) {
return;
}
img.src = `${apiHost}/api/${name}/latest.jpg?h=${scaledHeight}${searchParams ? `&${searchParams}` : ''}`;
img.src = `${apiHost}api/${name}/latest.jpg?h=${scaledHeight}${searchParams ? `&${searchParams}` : ''}`;
}, [apiHost, canvasRef, name, img, searchParams, scaledHeight, config]);
return (

4
web/src/components/HistoryViewer/HistoryVideo.tsx
View File

@@ -56,10 +56,10 @@ export const HistoryVideo = ({
}
video.src({
src: `${apiHost}/vod/event/${id}/master.m3u8`,
src: `${apiHost}vod/event/${id}/master.m3u8`,
type: 'application/vnd.apple.mpegurl',
});
video.poster(`${apiHost}/api/events/${id}/snapshot.jpg`);
video.poster(`${apiHost}api/events/${id}/snapshot.jpg`);
if (videoIsPlaying) {
video.play();
}

3
web/src/components/MultiSelect.jsx
View File

@@ -61,8 +61,7 @@ export default function MultiSelect({ className, title, options, selection, onTo
className="max-h-[35px] mx-2"
onClick={() => onSelectSingle(item)}
>
{ (title === "Labels" && config.audio.listen.includes(item)) ? ( <SpeakerIcon /> ) : ( <CameraIcon /> ) }
{title === 'Labels' && config.audio.listen.includes(item) ? <SpeakerIcon /> : <CameraIcon />}
</Button>
</div>
</div>

2
web/src/components/RecordingPlaylist.jsx
View File

@@ -153,7 +153,7 @@ export function EventCard({ camera, event }) {
<Link className="" href={`/recording/${camera}/${format(start, 'yyyy-MM-dd/HH/mm/ss')}`}>
<div className="flex flex-row mb-2">
<div className="w-28 mr-4">
<img className="antialiased" loading="lazy" src={`${apiHost}/api/events/${event.id}/thumbnail.jpg`} />
<img className="antialiased" loading="lazy" src={`${apiHost}api/events/${event.id}/thumbnail.jpg`} />
</div>
<div className="flex flex-row w-full border-b">
<div className="w-full text-gray-700 font-semibold relative pt-0">