Finding
The backend serves local media paths from request parameters while applying permissive CORS. This is a high-risk local-file exposure surface for a desktop app.
Evidence
- backend/src/main.rs media handlers accept path query values.
- backend/src/util.rs resolves user-provided paths.
- Shared response helpers apply wildcard-style CORS.
Acceptance criteria
- Restrict readable paths to explicit project/user-approved roots or signed requests.
- Reject untrusted origins.
- Add tests for rejected path/origin combinations.
Finding
The backend serves local media paths from request parameters while applying permissive CORS. This is a high-risk local-file exposure surface for a desktop app.
Evidence
Acceptance criteria