Remove CORS headers to enable universal image support and fix local API server settings.
## Changes
**Remove CORS Headers**
- Remove Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers
- Enables images from any domain (Facebook, Medium, arbitrary websites)
- Database falls back to IndexedDB mode (minimal performance impact)
**Fix Local Development Configuration**
- Set LOCAL_ENDORSER_API_SERVER to http://127.0.0.1:3000 (was "/api")
- Create .env.development with local API server config
- Fix ensureCorrectApiServer() method in HomeView.vue
- "Use Local" button now sets proper localhost address
**Fix Settings Cache Issues**
- Add PlatformServiceMixin to AccountViewView.vue
- Disable settings caching to prevent stale data
- Settings changes now apply immediately without browser refresh
## Impact
**Tradeoffs:**
- Lost: ~2x SharedArrayBuffer database performance
- Gained: Universal image support from any domain
- Result: Better user experience, database still fast via IndexedDB
**Files Modified:**
- Configuration: vite.config.*.mts, index.html, .env.development
- Source: constants/app.ts, libs/util.ts, views/*.vue, utils/PlatformServiceMixin.ts
## Rationale
For a community platform, universal image support is more critical than marginal
database performance gains. Users share images from arbitrary websites, making
CORS restrictions incompatible with Time Safari's core mission.
- Fix EntityIcon.vue to import blank-square.svg as module instead of using relative path
- Update template to use imported SVG path for proper Electron compatibility
- Make contact prop optional in EntityIcon component to fix TypeScript error
- Add proper Settings type imports and method signatures in PlatformServiceMixin.ts
- Replace console statements with logger calls across multiple files
- Resolves SVG loading failures in Electron builds while maintaining web compatibility
- Reduces TypeScript 'any' type warnings from 81 to 53
- Applied transformImageUrlForCors to all image-displaying components
- Added followRedirects: true to image proxy to serve actual content
- Proxy now returns 200 OK with image data instead of 301 redirects
- Maintains CORS headers required for SharedArrayBuffer support
- Added debug logging for proxy response monitoring
Resolves all image loading failures in development environment.
- Add name, description, and agent as optional properties to GenericVerifiableCredential
- Improve type safety and IntelliSense for common claim properties
- Maintain backward compatibility with existing code
- Reduce need for type assertions when accessing claim properties
- Restore runMigrations functionality for database schema migrations
- Remove indexedDBMigrationService.ts (was for IndexedDB to SQLite migration)
- Recreate migrationService.ts and db-sql/migration.ts for schema management
- Add proper TypeScript error handling with type guards in AccountViewView
- Fix CreateAndSubmitClaimResult property access in QuickActionBvcBeginView
- Remove LeafletMouseEvent from Vue components array (it's a type, not component)
- Add null check for UserNameDialog callback to prevent undefined assignment
- Implement extractErrorMessage helper function for consistent error handling
- Update router to remove database-migration route
The migration system now properly handles database schema evolution
across app versions, while the IndexedDB to SQLite migration service
has been removed as it was specific to that one-time migration.
- Remove database migration link from AccountViewView.vue
- Add new "Database Tools" section to StartView.vue
- Improve user flow by making database tools accessible from start page
- Maintain consistent styling and functionality
- Clean up account view to focus on account-specific settings
The database migration feature is now logically grouped with other
identity-related operations and more discoverable for users.
- Break long CSS class strings into multiple concatenated lines
- Ensure all lines are under 100 characters for better readability
- Maintain same functionality and styling behavior
- Improve code maintainability and readability
Fixes: Long lines in conditional CSS class assignment
- Add platform-agnostic parseJsonField utility for contactMethods handling
- Update contact export functions (contactsToExportJson, contactToCsvLine)
- Fix contact storage in QR scan views (ContactQRScanShowView, ContactQRScanFullView)
- Ensure consistent JSON string storage across web SQLite and Capacitor SQLite
- Prevents "[object Object] is not valid JSON" errors when switching platforms
- Maintains compatibility between auto-parsing web SQLite and raw string Capacitor SQLite
Fixes: contactMethods parsing errors in export and QR scan functionality
Related: searchBoxes field had similar issue (already fixed)
- Add contactsToExportJson utility function for standardized data export
- Replace CSV export with JSON format in DataExportSection
- Update file extension and MIME type to application/json
- Remove Dexie-specific export logic in favor of unified SQLite/Dexie approach
- Update success notifications to reflect JSON format
- Add TypeScript interfaces for export data structure
This change improves data portability and standardization by:
- Using a consistent JSON format for data export/import
- Supporting both SQLite and Dexie databases
- Including all contact fields in export
- Properly handling contactMethods as stringified JSON
- Maintaining backward compatibility with existing import tools
Security: No sensitive data exposure, maintains existing access controls
Enhance retrieveSettingsForActiveAccount with better error handling and logging
while maintaining core functionality. Changes focus on making the system more
debuggable and resilient without overcomplicating the logic.
Key improvements:
- Add structured error handling with specific try-catch blocks
- Implement detailed logging with [databaseUtil] prefix for easy filtering
- Add graceful fallbacks for searchBoxes parsing and missing settings
- Improve error recovery paths with safe defaults
- Maintain existing security model and data integrity
Security:
- No sensitive data in logs
- Safe JSON parsing with fallbacks
- Proper error boundaries
- Consistent state management
- Clear fallback paths
Testing:
- Verify settings retrieval works with/without active DID
- Check error handling for invalid searchBoxes
- Confirm logging provides clear debugging context
- Validate fallback to default settings works
The offerGiverDid function was looking for offeredBy at the root level of the
OfferVerifiableCredential, but it was moved to credentialSubject in our interface
changes. This fix updates the function to look in the correct location while
maintaining the same fallback behavior of using the issuer if offeredBy is not
available.
- Update path from claim.offeredBy to claim.credentialSubject.offeredBy
- Remove unnecessary string type cast
- Keep issuer fallback behavior unchanged
- Update AccountKeyInfo interface to handle derivationPath type conflict
- Fix circular dependency by importing KeyMeta directly from interfaces/common
- Use Omit utility type to properly merge Account and KeyMeta types
- Make derivationPath optional in AccountKeyInfo to match Account type
This change resolves type compatibility issues while maintaining
the intended functionality of account metadata handling.
- Update offerGiverDid to use GenericVerifiableCredential as base type
- Add type assertion for OfferVerifiableCredential inside function
- Remove unnecessary type assertion in canFulfillOffer
- Move type imports to their correct source locations:
- GenericCredWrapper, GenericVerifiableCredential from interfaces/common
- GiveSummaryRecord from interfaces/records
- OfferVerifiableCredential from interfaces/claims
- Add null safety check for dbResult in retrieveAccountCount
- Initialize result variable to prevent undefined access
This change fixes TypeScript errors by ensuring types are imported from their
proper source files and improves code safety by adding proper null checks.
The type system can now correctly validate the usage of these types across
the codebase.
- Change retrieveAllAccountsMetadata to return Account[] instead of AccountEncrypted[]
to better reflect its purpose of returning non-sensitive metadata
- Update ImportDerivedAccountView to use Account type and group by derivation path
- Update retrieveAllFullyDecryptedAccounts to use AccountEncrypted type for encrypted data
- Fix import path for Account type in ImportDerivedAccountView
This change improves type safety by making it explicit which functions handle
encrypted data vs metadata, and ensures consistent handling of account data
across the application. The metadata functions now correctly strip sensitive
fields while functions that need encrypted data maintain access to those fields.
- Move queryResult and allResult declarations outside switch statement
- Change const declarations to let since they're now in outer scope
- Remove const declarations from inside case blocks
This fixes the 'no-case-declarations' linter errors by ensuring variables
are declared in a scope that encompasses all case blocks, preventing
potential scoping issues.
Note: Type definition errors for external modules remain and should be
addressed separately.
- Replace any[] with SqlValue[] type for SQL parameters in runMigrations
- Update import to use QueryExecResult from interfaces/database
- Add proper typing for SQL parameter values (string | number | null | Uint8Array)
This change improves type safety and helps catch potential SQL parameter
type mismatches at compile time, reducing the risk of runtime errors
or data corruption.
