mirror of
https://github.com/navidrome/navidrome.git
synced 2026-03-04 06:35:52 +00:00
9a004fd043
Fix two issues from PR #5045 review. The Rust code generator was producing incorrect skip_serializing_if attributes: map types incorrectly used Option::is_none instead of HashMap::is_empty, and the bare int type for HTTPHandleResponse.Status fell through to the default Option::is_none case. The map fix is in skipSerializingFunc; the int issue is fixed at the source by changing Status from int to int32 (HTTP status codes always fit in int32, and this avoids platform-dependent int sizing on i386 vs amd64). Additionally, plugin HTTP responses now include forced security headers (X-Content-Type-Options: nosniff and a restrictive Content-Security-Policy with sandbox) to prevent XSS from compromised plugins serving HTML+JS on the same origin as Navidrome.