83df3773ae
Two issues from on-device testing against prod HTTPS: 1. ServerImage was resolving cover URLs correctly (https://minstrel.fabledsword.com/api/albums/.../cover) but the server returned 401 because Image.network doesn't carry the session token automatically the way the browser sends cookies. Forwards the stored session token as an Authorization: Bearer header. No-op when no token is present. 2. The "Cleartext HTTP traffic to 127.0.0.1" audio error reproduced even after the previous defensive check landed, which means the URL handed to ExoPlayer has a valid scheme+host (just the wrong host). The check only catches scheme-less URLs, so it didn't fire. Added debugPrint logging at configure() and setQueueFromTracks() time to show the actual baseUrl + per-track resolved URL on the next reproduction. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>