bugfix: tighten validation, drop dead sendBeacon, NUL byte (0.34.1)

Five small fixes from REVIEW.md §2/§4/§8:

- attach_tag: 64-char cap at the handler so the validation error
  envelope matches username/collection-name.
- create_token: same 64-char cap on bot token names.
- LocalStorage::resolve rejects NUL bytes explicitly so callers see
  BadKey instead of an opaque IO error.
- sendBeacon dropped from the reader's pagehide flush — it's POST-only
  and the server's read-progress route is PUT, so every page-close
  was logging a 405 then falling through to the same keepalive fetch
  anyway. Keepalive fetch is now the only path.
- Frontend logout sets content-type: application/json for symmetry
  with the other mutation helpers.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

This commit is contained in:

MechaCat02

2026-05-28 19:17:01 +02:00

parent e7662d18d6

commit 8667f8b957

11 changed files with 137 additions and 34 deletions

									
										2

frontend/package.json
									
												View File
												
				@@ -1,6 +1,6 @@

				{

				  "name": "mangalord-frontend",

				  "version": "0.34.0",

				  "version": "0.34.1",

				  "private": true,

				  "type": "module",

				  "scripts": {

bugfix: tighten validation, drop dead sendBeacon, NUL byte (0.34.1)

2 frontend/package.json Unescape Escape View File

2

frontend/package.json

View File