From ba4c281ce04968d49f9bb8bf670ee4c4506f4918 Mon Sep 17 00:00:00 2001 From: s8n Date: Fri, 8 May 2026 03:26:19 +0100 Subject: [PATCH] =?UTF-8?q?doc=2004=20=C2=A73b:=20triple-logo=20fix=20re-a?= =?UTF-8?q?pplied=20(sibling=20POST=20overwrote=20first=20attempt)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Branding endpoint accepts full-object POSTs only — no field-level merge, no ETag locking. Concurrent agents writing to /System/Configuration/branding race; last writer wins. Lock-in: branding-CSS POST must be the final POST in any sequence touching that endpoint. --- docs/04-theming-and-users.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/04-theming-and-users.md b/docs/04-theming-and-users.md index 3bdbda9..c7931f3 100644 --- a/docs/04-theming-and-users.md +++ b/docs/04-theming-and-users.md @@ -231,6 +231,29 @@ Cast/crew hide rule, Cineplex `@import`, `LoginDisclaimer` and `/web/index.html` (favicon, `ARRFLIX`, `splashLogo`) was not touched — that asset is owned by the index-patcher. +### 3b. ARRFLIX logo override fix re-applied 2026-05-08 (second time) + +Re-curling `/System/Configuration/branding` after §3a was applied showed +the broken three-selector / dual-property rule was back: `.adminDrawerLogo +img, .imgLogoIcon, .pageTitleWithLogo { content: url(...); background-image: +url(...); }`. The §3a fix had been silently overwritten by a sibling agent +that POSTed a full branding payload (LoginDisclaimer + SplashscreenEnabled + +its own stale CustomCss) without first GETting the latest CustomCss. Because +the Jellyfin branding endpoint takes a complete object on every POST and +has no field-level merge, whichever POST lands last wins — there is no +locking, no ETag, no patch semantics. Fix re-applied surgically (split +selectors, drop `.imgLogoIcon`, preserve the data-URL bytes verbatim, +preserve the cast/crew hide, Cineplex `@import`, Quick Connect hide, and +both LoginDisclaimer/SplashscreenEnabled values) and re-verified via +`/Branding/Configuration`. **Operational rule:** any agent or script touching +`/System/Configuration/branding` must (a) GET first, (b) edit only the +fields it owns, (c) POST the full object, and the branding-CSS POST must +be the **last** POST in any sequence that touches this endpoint — otherwise +a later sibling POST will silently re-stack the logo. If you find yourself +about to POST branding for any reason, GET `/System/Configuration/branding` +first and confirm the override block matches the §3a skeleton before +sending. + --- ## 4. Multi-user UX prep