What's new
docker pull ghcr.io/new-usemame/calibre-web-nextgen:v4.0.95
(or :latest)
OPDS readers no longer see HTML on a 401
If your OPDS reader (Readest, KOReader, generic Atom client) hit /opds without credentials — or with the wrong ones — and anonymous browsing was off, it got back a page of HTML instead of an Atom feed. Readers can't parse HTML, so the user saw "broken feed" or a silent failure. As of v4.0.95, every OPDS error response is Atom XML.
This is the follow-up to v4.0.92 (#255). That release shipped blueprint error handlers that caught explicit abort(401|403|404|500) calls from inside route handlers. The path that comes through requires_basic_auth_if_no_ano is different — it calls Flask-HTTPAuth's auth.auth_error_callback(401) directly, which short-circuits the blueprint pipeline and returns HTML. v4.0.95 overrides that callback to branch on request.path: Atom XML + WWW-Authenticate: Basic realm="OPDS" for /opds/*, default HTML for every other Basic-auth consumer (kosync, app passwords).
Live-verified on cwn-local with anon-browse disabled against Readest + KOReader user-agents.