Fix authenticated media flows and upload preflight handling
This commit is contained in:
@@ -49,6 +49,13 @@ Do not hardcode new palette or spacing values in component styles when a token a
|
||||
- Do not render queued headers before their animation starts, even when polling returns batched updates.
|
||||
- Preserve existing header content format and fold/unfold detail behavior as lines are revealed.
|
||||
|
||||
## Authenticated Media Delivery
|
||||
|
||||
- Document previews and thumbnails must load through authenticated fetch flows in `frontend/src/lib/api.ts`, then render via temporary object URLs.
|
||||
- Direct `window.open` calls for protected media endpoints are not allowed because browser navigation requests do not include the API token header.
|
||||
- Download actions for original files and markdown exports must use authenticated blob fetches plus controlled browser download triggers.
|
||||
- Revoke all temporary object URLs after replacement, unmount, or completion to prevent browser memory leaks.
|
||||
|
||||
## Extension Checklist
|
||||
|
||||
When adding or redesigning a UI area:
|
||||
|
||||
Reference in New Issue
Block a user