diff --git a/Dockerfile b/Dockerfile
index 2c15dc6c0..7963407c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -56,12 +56,12 @@ COPY --link --chmod=755 docker-entrypoint.sh /usr/local/bin/
RUN apk add --no-cache su-exec
-ENV HOSTNAME=::
+ENV HOSTNAME=0.0.0.0
ENV PORT=3000
EXPOSE $PORT
HEALTHCHECK --interval=10s --timeout=3s --start-period=20s \
- CMD wget --no-verbose --tries=1 --spider --no-check-certificate http://localhost:$PORT/api/healthcheck || exit 1
+ CMD wget --no-verbose --tries=1 --spider --no-check-certificate http://127.0.0.1:$PORT/api/healthcheck || exit 1
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["node", "server.js"]
diff --git a/docs/installation/index.md b/docs/installation/index.md
index dd8c18f3d..cc5f7a078 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -29,4 +29,8 @@ You have a few options for deploying homepage, depending on your needs. We offer
### `HOMEPAGE_ALLOWED_HOSTS`
-As of v1.0 there is one required environment variable when deploying via a public URL, HOMEPAGE_ALLOWED_HOSTS. This is a comma separated (no spaces) list of allowed hosts (sometimes with the port) that can access your homepage. See the [docker](docker.md) and [source](source.md) installation pages for examples.
+As of v1.0 there is one required environment variable when deploying via a public URL, HOMEPAGE_ALLOWED_HOSTS. This is a comma separated (no spaces) list of allowed hosts (sometimes with the port) that can access your homepage. See the [docker](docker.md) and [source](source.md) installation pages for more information.
+
+`localhost:3000` and `127.0.0.1:3000` are always allowed, but you can add a domain or IP address to this list to allow access from that host such as `HOMEPAGE_ALLOWED_HOSTS=gethomepage.dev,192.168.1.2:1234`, etc.
+
+This can be disabled by setting `HOMEPAGE_ALLOWED_HOSTS` to `*` but this is not recommended.
diff --git a/docs/installation/k8s.md b/docs/installation/k8s.md
index a8cdc8d67..87112f0fc 100644
--- a/docs/installation/k8s.md
+++ b/docs/installation/k8s.md
@@ -223,6 +223,9 @@ spec:
- name: homepage
image: "ghcr.io/gethomepage/homepage:latest"
imagePullPolicy: Always
+ env:
+ - name: HOMEPAGE_ALLOWED_HOSTS
+ value: gethomepage.dev # required, may need port
ports:
- name: http
containerPort: 3000
diff --git a/src/components/bookmarks/item.jsx b/src/components/bookmarks/item.jsx
index dd18bb71a..4208f0701 100644
--- a/src/components/bookmarks/item.jsx
+++ b/src/components/bookmarks/item.jsx
@@ -22,7 +22,7 @@ export default function Item({ bookmark, iconOnly = false }) {
className={classNames(
settings.cardBlur !== undefined && `backdrop-blur${settings.cardBlur.length ? "-" : ""}${settings.cardBlur}`,
"text-left cursor-pointer transition-all rounded-md font-medium text-theme-700 dark:text-theme-200 dark:hover:text-theme-300 shadow-md shadow-theme-900/10 dark:shadow-theme-900/20 bg-theme-100/20 hover:bg-theme-300/20 dark:bg-white/5 dark:hover:bg-white/10",
- iconOnly ? "h-[60px] w-[60px] grid" : "block w-full h-8 mb-3",
+ iconOnly ? "h-[60px] w-[60px] grid" : "block w-full h-full mb-3",
)}
>
{iconOnly ? (
diff --git a/src/middleware.js b/src/middleware.js
index f20119031..bb9fbea52 100644
--- a/src/middleware.js
+++ b/src/middleware.js
@@ -4,11 +4,12 @@ export function middleware(req) {
// Check the Host header, if HOMEPAGE_ALLOWED_HOSTS is set
const host = req.headers.get("host");
const port = process.env.PORT || 3000;
- let allowedHosts = [`localhost:${port}`];
+ let allowedHosts = [`localhost:${port}`, `127.0.0.1:${port}`];
+ const allowAll = process.env.HOMEPAGE_ALLOWED_HOSTS === "*";
if (process.env.HOMEPAGE_ALLOWED_HOSTS) {
allowedHosts = allowedHosts.concat(process.env.HOMEPAGE_ALLOWED_HOSTS.split(","));
}
- if (!host || !allowedHosts.includes(host)) {
+ if (!allowAll && (!host || !allowedHosts.includes(host))) {
// eslint-disable-next-line no-console
console.error(
`Host validation failed for: ${host}. Hint: Set the HOMEPAGE_ALLOWED_HOSTS environment variable to allow requests from this host / port.`,
diff --git a/src/widgets/emby/component.jsx b/src/widgets/emby/component.jsx
index b37b50187..41220e227 100644
--- a/src/widgets/emby/component.jsx
+++ b/src/widgets/emby/component.jsx
@@ -35,8 +35,8 @@ function generateStreamTitle(session, enableUser, showEpisodeNumber) {
let streamTitle = "";
if (Type === "Episode" && showEpisodeNumber) {
- const seasonStr = `S${ParentIndexNumber.toString().padStart(2, "0")}`;
- const episodeStr = `E${IndexNumber.toString().padStart(2, "0")}`;
+ const seasonStr = ParentIndexNumber ? `S${ParentIndexNumber.toString().padStart(2, "0")}` : "";
+ const episodeStr = IndexNumber ? `E${IndexNumber.toString().padStart(2, "0")}` : "";
streamTitle = `${SeriesName}: ${seasonStr} ยท ${episodeStr} - ${Name}`;
} else {
streamTitle = `${Name}${SeriesName ? ` - ${SeriesName}` : ""}`;
diff --git a/src/widgets/kavita/proxy.js b/src/widgets/kavita/proxy.js
index af29d048a..842e4b875 100644
--- a/src/widgets/kavita/proxy.js
+++ b/src/widgets/kavita/proxy.js
@@ -14,7 +14,11 @@ async function login(widget, service) {
const endpoint = "Account/login";
const api = widgets?.[widget.type]?.api;
const loginUrl = new URL(formatApiCall(api, { endpoint, ...widget }));
- const loginBody = {};
+ const loginBody = {
+ username: "",
+ password: "",
+ apiKey: "",
+ };
if (widget.username && widget.password) {
loginBody.username = widget.username;
loginBody.password = widget.password;
diff --git a/src/widgets/speedtest/component.jsx b/src/widgets/speedtest/component.jsx
index b4fbeaa6a..e34f53aca 100644
--- a/src/widgets/speedtest/component.jsx
+++ b/src/widgets/speedtest/component.jsx
@@ -36,14 +36,14 @@ export default function Component({ service }) {