• v26.05.27.2 Stable

    bvandeusen released this 2026-05-27 21:34:28 -04:00 | 537 commits to dev since this release

    SubscribeStar + HentaiFoundry cookie quirks fixed, platforms package refactor, Showcase IR-parity (R-key reshuffle + stagger entry animation), full Secure-Context API audit. PR #30 → merge commit 9075d8e (parent[1] = dev HEAD df6d89c verified).

    Highlights

    SubscribeStar source checks work again. gallery-dl was aborting on HTTP redirect to /age_confirmation_warning because the _personalization_id age cookie expires annually and can't be refreshed from a logged-in browser session (SubscribeStar's frontend JS suppresses the popup via localStorage). Backend now injects 18_plus_agreement_generic=true when materializing subscribestar cookies for gallery-dl — mirrors gallery-dl's own login-flow workaround.

    HentaiFoundry source checks work again. gallery-dl uses cookies.get("PHPSESSID", domain="www.hentai-foundry.com") with requests' EXACT domain matching, but the extension was rewriting host-only cookies to subdomain-wide form. The lookup missed, gallery-dl fell into a 401'ing ?enterAgree=1 fallback. Backend now injects host-only PHPSESSID/CSRF duplicates at cookies-file materialization. Extension v1.0.5 also respects c.hostOnly natively for fresh captures.

    Platforms package refactor. services/platforms.py is now services/platforms/, one module per platform. Each module owns ALL its quirks (cookie augmentation, post-URL derivation, sidecar-key chain overrides). Adding a new source is a three-step recipe: drop the module, declare INFO = PlatformInfo(...), add the import. Sidecar parsing, cookie materialization, and /api/platforms pick it up automatically.

    Showcase IR-parity restored. Press R anywhere on /showcase to reshuffle. Stagger fade-in entry animation on initial load and shuffle (12px translateY, 0.25s, 60ms per item). Honors prefers-reduced-motion. Infinite-scroll appends are silent.

    Secure-Context audit + fixes. The Cleanup → Min-Dimensions Delete button was silently no-op'ing because crypto.subtle is undefined on plain-HTTP origins (homelab posture). Audited the whole frontend/src/ for the same shape — found a second site (BulkEditorPanel.vue) with the same bug plus a latent kind-vs-token mismatch that would have failed even on HTTPS. Both fixed by having the backend hand the canonical confirm token back in the dry-run/preview response; new expectedTokenOverride prop on DestructiveConfirmModal decouples UI label from wire-format token. Banked feedback_no_secure_context_apis.md so future agents catch the pattern in design.

    Migrations

    None.

    Deploy

    docker compose pull && docker compose up -d --force-recreate app worker ml-worker scheduler web

    Or pin: image: git.fabledsword.com/bvandeusen/fabledcurator:v26.05.27.2

    No browser-side re-export needed — both SubscribeStar and HentaiFoundry fixes work with your already-stored cookies. The extension v1.0.5 update is forward-compat only (fresh captures preserve hostOnly natively); reinstall is optional.

    Downloads