feat: add API-Friendly security header preset for mobile apps

Browse Source

- Add new API-Friendly preset (70/100) optimized for mobile apps and API clients
- CORP set to "cross-origin" to allow mobile app access
- CSP disabled as APIs don't need content security policy
- Add tooltips to preset cards explaining use cases and compatibility
- Add warning banner in ProxyHostForm when Strict/Paranoid selected
- Warn users about mobile app compatibility issues

Presets now: Basic (65) < API-Friendly (70) < Strict (85) < Paranoid (100)

Recommended for: Radarr, Sonarr, Plex, Jellyfin, Home Assistant, Vaultwarden

...

This commit is contained in:

GitHub Actions

2025-12-19 01:16:21 +00:00

parent 47f42125b1

commit 62f649ef5b

9 changed files with 1590 additions and 773 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

docs/plans/current_spec.md

+531 -538

File diff suppressed because it is too large Load Diff