diff --git a/docs/04-theming-and-users.md b/docs/04-theming-and-users.md index 3bdbda9..c7931f3 100644 --- a/docs/04-theming-and-users.md +++ b/docs/04-theming-and-users.md @@ -231,6 +231,29 @@ Cast/crew hide rule, Cineplex `@import`, `LoginDisclaimer` and `/web/index.html` (favicon, `ARRFLIX`, `splashLogo`) was not touched — that asset is owned by the index-patcher. +### 3b. ARRFLIX logo override fix re-applied 2026-05-08 (second time) + +Re-curling `/System/Configuration/branding` after §3a was applied showed +the broken three-selector / dual-property rule was back: `.adminDrawerLogo +img, .imgLogoIcon, .pageTitleWithLogo { content: url(...); background-image: +url(...); }`. The §3a fix had been silently overwritten by a sibling agent +that POSTed a full branding payload (LoginDisclaimer + SplashscreenEnabled + +its own stale CustomCss) without first GETting the latest CustomCss. Because +the Jellyfin branding endpoint takes a complete object on every POST and +has no field-level merge, whichever POST lands last wins — there is no +locking, no ETag, no patch semantics. Fix re-applied surgically (split +selectors, drop `.imgLogoIcon`, preserve the data-URL bytes verbatim, +preserve the cast/crew hide, Cineplex `@import`, Quick Connect hide, and +both LoginDisclaimer/SplashscreenEnabled values) and re-verified via +`/Branding/Configuration`. **Operational rule:** any agent or script touching +`/System/Configuration/branding` must (a) GET first, (b) edit only the +fields it owns, (c) POST the full object, and the branding-CSS POST must +be the **last** POST in any sequence that touches this endpoint — otherwise +a later sibling POST will silently re-stack the logo. If you find yourself +about to POST branding for any reason, GET `/System/Configuration/branding` +first and confirm the override block matches the §3a skeleton before +sending. + --- ## 4. Multi-user UX prep