Summary
This PR aligns Listenarr with the *arr standard trust model for Docker/Synology/reverse-proxy deployments, improves background-service resilience, and fixes download client modal test credential fallback.
Changed
- Updated forwarded-header trust behavior to
*Arr standardby trusting private proxy networks:10.0.0.0/8172.16.0.0/12192.168.0.0/16fc00::/7fe80::/10
- Enabled
X-Forwarded-HostalongsideX-Forwarded-ForandX-Forwarded-Proto. - Updated caller trust/redaction behavior so private-network callers are treated as trusted perimeter callers, while public-network callers still require admin/API-key auth for unredacted values.
- Relaxed private-target blocking in indexer and download-client connectivity test flows for containerized LAN use cases.
- Hardened background/hosted service cancellation and timeout handling to reduce host-stop scenarios.
Fixed
- Fixed download client edit-modal test behavior so existing client
idis included in test payloads, allowing backend fallback to saved password/API key when input is blank. - Fixed false-negative connection test behavior for private-network targets in common Synology/Docker bridge setups.
- Fixed FFprobe installer timeout/cancellation behavior that could bubble into host-level failures.
Added
- Added API tests for forwarded-header trust model and private/public redaction behavior.
- Added/updated tests for indexer and download-client test flows.
- Added frontend unit test assertions for edit-modal test payload
idbehavior.
Removed
- Removed over-restrictive private/loopback target blocking from download-client/indexer connectivity test paths.
Automated canary build