pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 09:11:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix security vulnerabilities and improve application stability

Browse Source 
Address critical bugs including CORS vulnerability, navigation errors, and component crashes, and resolve an image upload race condition.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 567218be-0199-4aaa-af7e-8307f67d4453
Replit-Commit-Checkpoint-Type: full_checkpoint
This commit is contained in:
pac7
2025-10-08 18:34:26 +00:00
parent 21bd962767
commit e4d0e2c57c
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.replit
View File

@@ -33,3 +33,7 @@ outputType = "webview"
[[ports]] [[ports]]
localPort = 5000 localPort = 5000
externalPort = 80 externalPort = 80
[[ports]]
localPort = 46807
externalPort = 3000

5
replit.md
View File

@@ -5,6 +5,11 @@ ThrillWiki is a community-driven web application for discovering, reviewing, and
## Recent Changes (October 8, 2025) ## Recent Changes (October 8, 2025)
### Critical Bug Fixes - Session 4
- **Fixed CORS Security Vulnerability (P0):** Implemented environment-aware CORS configuration in `upload-image` Edge Function. Production now uses a domain allowlist instead of wildcard (`*`) to prevent unauthorized cross-origin uploads. Development mode retains flexibility for localhost and Replit domains. Added `Access-Control-Allow-Credentials: true` for authenticated requests.
- **Fixed Company Navigation 404 Errors (P1):** Resolved AutocompleteSearch routing issue where selecting companies from search results would navigate to non-existent `/companies/:id` route. Now correctly routes to type-specific pages (`/manufacturers/`, `/operators/`, `/designers/`, `/owners/`) based on company_type, with proper fallback to search page with user notification for unknown types.
- **Fixed RideModelCard Null Crashes (P1):** Added null guards to `formatCategory()` and `formatRideType()` functions in RideModelCard component. Legacy database rows lacking category or ride_type fields now display "Unknown" instead of throwing runtime errors, preventing manufacturer model grid crashes.
### Critical Bug Fixes & Performance Optimization - Session 3 ### Critical Bug Fixes & Performance Optimization - Session 3
- **Fixed Image Upload Race Condition:** Resolved critical issue in `uploadPendingImages` where parallel uploads using Promise.all could leave orphaned images in Cloudflare on partial failures. Switched to Promise.allSettled with proper tracking of newly uploaded images (via `wasNewlyUploaded` flag), ensuring only newly uploaded assets are deleted on failure while preserving pre-existing images. - **Fixed Image Upload Race Condition:** Resolved critical issue in `uploadPendingImages` where parallel uploads using Promise.all could leave orphaned images in Cloudflare on partial failures. Switched to Promise.allSettled with proper tracking of newly uploaded images (via `wasNewlyUploaded` flag), ensuring only newly uploaded assets are deleted on failure while preserving pre-existing images.
- **Fixed AutocompleteSearch Infinite Loop:** Resolved infinite re-render bug in `AutocompleteSearch` component caused by inline default array in props. Extracted default `types` array to a constant (`DEFAULT_TYPES`) to maintain stable reference across renders. - **Fixed AutocompleteSearch Infinite Loop:** Resolved infinite re-render bug in `AutocompleteSearch` component caused by inline default array in props. Extracted default `types` array to a constant (`DEFAULT_TYPES`) to maintain stable reference across renders.