feat: add Content-Security-Policy Header, allows setting frame-ancestor domains and moved font local

fix #455
2025-12-24 02:39:18 -05:00 · 2024-09-24 11:35:17 +02:00
82 changed files with 4939 additions and 4839 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@@ -439,15 +439,6 @@
      "contributions": [
        "code"
      ]
-    },
-    {
-      "login": "M0NsTeRRR",
-      "name": "Ludovic Ortega",
-      "avatar_url": "https://avatars.githubusercontent.com/u/37785089?v=4",
-      "profile": "https://github.com/M0NsTeRRR",
-      "contributions": [
-        "security"
-      ]
    }
  ]
 }
--- a/.dockerignore
+++ b/.dockerignore
@@ -18,7 +18,7 @@ config/logs/*
 config/*.json
 dist
 Dockerfile*
-compose.yaml
+docker-compose.yml
 docs
 LICENSE
 node_modules
--- a/.gitattributes
+++ b/.gitattributes
@@ -40,7 +40,7 @@ docs export-ignore
 .all-contributorsrc export-ignore
 .editorconfig export-ignore
 Dockerfile.local export-ignore
-compose.yaml export-ignore
+docker-compose.yml export-ignore
 stylelint.config.js export-ignore

 public/os_logo_filled.png export-ignore
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ jobs:
    name: Lint & Test Build
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-22.04
-    container: node:22-alpine
+    container: node:20-alpine
    steps:
      - name: Checkout
        uses: actions/checkout@v4
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -17,7 +17,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 20
      - name: Pnpm Setup
        uses: pnpm/action-setup@v4
        with:
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -20,7 +20,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 20

      - name: Pnpm Setup
        uses: pnpm/action-setup@v4
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 20
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
--- a/.github/workflows/test-docs-deploy.yml
+++ b/.github/workflows/test-docs-deploy.yml
@@ -20,7 +20,7 @@ jobs:
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 20

      - name: Pnpm Setup
        uses: pnpm/action-setup@v4
@@ -42,7 +42,7 @@ jobs:

      - name: Install dependencies
        run: |
-          cd gen-docs
+          cd gen-docs 
          pnpm install --frozen-lockfile

      - name: Build website
--- a/.gitignore
+++ b/.gitignore
@@ -34,7 +34,6 @@ yarn-error.log*
 # database
 config/db/*.sqlite3*
 config/settings.json
-config/settings.old.json

 # logs
 config/logs/*.log*
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -8,7 +8,7 @@ All help is welcome and greatly appreciated! If you would like to contribute to

 - HTML/Typescript/Javascript editor
 - [VSCode](https://code.visualstudio.com/) is recommended. Upon opening the project, a few extensions will be automatically recommended for install.
- [NodeJS](https://nodejs.org/en/download/) (Node 22.x)
+- [NodeJS](https://nodejs.org/en/download/) (Node 20.x)
 - [Pnpm](https://pnpm.io/cli/install)
 - [Git](https://git-scm.com/downloads)

@@ -52,7 +52,7 @@ All help is welcome and greatly appreciated! If you would like to contribute to
   pnpm dev
   ```

-   - Alternatively, you can use [Docker](https://www.docker.com/) with `docker compose up -d`. This method does not require installing NodeJS or Yarn on your machine directly.
+   - Alternatively, you can use [Docker](https://www.docker.com/) with `docker-compose up -d`. This method does not require installing NodeJS or Yarn on your machine directly.

 5. Create your patch and test your changes.

--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM node:22-alpine AS BUILD_IMAGE
+FROM node:20-alpine AS BUILD_IMAGE

 WORKDIR /app

@@ -36,7 +36,7 @@ RUN touch config/DOCKER
 RUN echo "{\"commitTag\": \"${COMMIT_TAG}\"}" > committag.json


-FROM node:22-alpine
+FROM node:20-alpine

 # Metadata for Github Package Registry
 LABEL org.opencontainers.image.source="https://github.com/Fallenbagel/jellyseerr"
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -1,4 +1,4 @@
-FROM node:22-alpine
+FROM node:20-alpine

 COPY . /app
 WORKDIR /app
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
 <a href="http://translate.jellyseerr.dev/engage/jellyseerr/"><img src="http://translate.jellyseerr.dev/widget/jellyseerr/jellyseerr-frontend/svg-badge.svg" alt="Translation status" /></a>
 <a href="https://github.com/fallenbagel/jellyseerr/blob/develop/LICENSE"><img alt="GitHub" src="https://img.shields.io/github/license/fallenbagel/jellyseerr"></a>
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-<a href="#contributors-"><img alt="All Contributors" src="https://img.shields.io/badge/all_contributors-48-orange.svg"/></a>
+<a href="#contributors-"><img alt="All Contributors" src="https://img.shields.io/badge/all_contributors-47-orange.svg"/></a>
 <!-- ALL-CONTRIBUTORS-BADGE:END -->

 **Jellyseerr** is a free and open source software application for managing requests for your media library.
@@ -146,7 +146,6 @@ Thanks goes to these wonderful people from Overseerr ([emoji key](https://allcon
      <td align="center" valign="top" width="14.28%"><a href="https://github.com/XDark187"><img src="https://avatars.githubusercontent.com/u/39034192?v=4?s=100" width="100px;" alt="Baraa"/><br /><sub><b>Baraa</b></sub></a><br /><a href="https://github.com/Fallenbagel/jellyseerr/commits?author=XDark187" title="Code">💻</a></td>
      <td align="center" valign="top" width="14.28%"><a href="https://github.com/franciscofsales"><img src="https://avatars.githubusercontent.com/u/7977645?v=4?s=100" width="100px;" alt="Francisco Sales"/><br /><sub><b>Francisco Sales</b></sub></a><br /><a href="https://github.com/Fallenbagel/jellyseerr/commits?author=franciscofsales" title="Code">💻</a></td>
      <td align="center" valign="top" width="14.28%"><a href="https://github.com/myselfolli"><img src="https://avatars.githubusercontent.com/u/37535998?v=4?s=100" width="100px;" alt="Oliver Laing"/><br /><sub><b>Oliver Laing</b></sub></a><br /><a href="https://github.com/Fallenbagel/jellyseerr/commits?author=myselfolli" title="Code">💻</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/M0NsTeRRR"><img src="https://avatars.githubusercontent.com/u/37785089?v=4?s=100" width="100px;" alt="Ludovic Ortega"/><br /><sub><b>Ludovic Ortega</b></sub></a><br /><a href="#security-M0NsTeRRR" title="Security">🛡️</a></td>
    </tr>
  </tbody>
 </table>
--- a/cypress/config/settings.cypress.json
+++ b/cypress/config/settings.cypress.json
@@ -7,6 +7,7 @@
    "applicationTitle": "Overseerr",
    "applicationUrl": "",
    "csrfProtection": false,
+    "cspFrameAncestorDomains": "",
    "cacheImages": false,
    "defaultPermissions": 32,
    "defaultQuotas": {
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,3 +1,4 @@
+version: '3'
 services:
  jellyseerr:
    build:
--- a/docs/extending-jellyseerr/reverse-proxy.mdx
+++ b/docs/extending-jellyseerr/reverse-proxy.mdx
@@ -190,7 +190,7 @@ Caddy will automatically obtain and renew SSL certificates for your domain.

 ## Traefik (v2)

-Add the following labels to the Jellyseerr service in your `compose.yaml` file:
+Add the following labels to the Jellyseerr service in your `docker-compose.yml` file:

 ```yaml
 labels:
--- a/docs/getting-started/aur.mdx
+++ b/docs/getting-started/aur.mdx
@@ -6,10 +6,6 @@ sidebar_position: 4

 # AUR (Arch User Repository)

-:::note Disclaimer
-This AUR package is not maintained by us but by a third party. Please refer to the maintainer for any issues.
-:::
-
 :::info
 This method is not recommended for most users. It is intended for advanced users who are using Arch Linux or an Arch-based distribution.
 :::
--- a/docs/getting-started/buildfromsource.mdx
+++ b/docs/getting-started/buildfromsource.mdx
@@ -12,12 +12,49 @@ import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';

 ### Prerequisites
+<Tabs groupId="versions" queryString>
+  <TabItem value="latest" label="Latest">
+    - [Node.js 18.x](https://nodejs.org/en/download/)
+    - [Yarn 1.x](https://classic.yarnpkg.com/lang/en/docs/install)
+    - [Git](https://git-scm.com/downloads)
+  </TabItem>
+
+  <TabItem value="develop" label="Develop">
    - [Node.js 20.x](https://nodejs.org/en/download/)
    - [Pnpm 9.x](https://pnpm.io/installation)
    - [Git](https://git-scm.com/downloads)
+  </TabItem>
+</Tabs>
+

 ## Unix (Linux, macOS)
 ### Installation
+<Tabs groupId="versions" queryString>
+  <TabItem value="latest" label="latest">
+1. Assuming you want the working directory to be `/opt/jellyseerr`, create the directory and navigate to it:
+```bash
+sudo mkdir -p /opt/jellyseerr && cd /opt/jellyseerr
+```
+2. Clone the Jellyseerr repository and checkout the latest release:
+```bash
+git clone https://github.com/Fallenbagel/jellyseerr.git
+cd jellyseerr
+git checkout main
+```
+3. Install the dependencies:
+```bash
+CYPRESS_INSTALL_BINARY=0 yarn install --frozen-lockfile --network-timeout 1000000
+```
+4. Build the project:
+```bash
+yarn build
+```
+5. Start Jellyseerr:
+```bash
+yarn start
+```
+  </TabItem>
+  <TabItem value="develop" label="develop">
 1. Assuming you want the working directory to be `/opt/jellyseerr`, create the directory and navigate to it:
 ```bash
 sudo mkdir -p /opt/jellyseerr && cd /opt/jellyseerr
@@ -40,6 +77,8 @@ pnpm build
 ```bash
 pnpm start
 ```
+  </TabItem>
+</Tabs>

 :::info
 You can now access Jellyseerr by visiting `http://localhost:5055` in your web browser.
@@ -195,6 +234,33 @@ pm2 status jellyseerr

 ## Windows
 ### Installation
+<Tabs groupId="versions" queryString>
+  <TabItem value="latest" label="latest">
+1. Assuming you want the working directory to be `C:\jellyseerr`, create the directory and navigate to it:
+```powershell
+mkdir C:\jellyseerr
+cd C:\jellyseerr
+```
+2. Clone the Jellyseerr repository and checkout the latest release:
+```powershell
+git clone https://github.com/Fallenbagel/jellyseerr.git .
+git checkout main
+```
+3. Install the dependencies:
+```powershell
+npm install -g win-node-env
+set CYPRESS_INSTALL_BINARY=0 && yarn install --frozen-lockfile --network-timeout 1000000
+```
+4. Build the project:
+```powershell
+yarn build
+```
+5. Start Jellyseerr:
+```powershell
+yarn start
+```
+  </TabItem>
+  <TabItem value="develop" label="develop">
 1. Assuming you want the working directory to be `C:\jellyseerr`, create the directory and navigate to it:
 ```powershell
 mkdir C:\jellyseerr
@@ -218,6 +284,8 @@ pnpm build
 ```powershell
 pnpm start
 ```
+  </TabItem>
+</Tabs>

 :::tip
 You can add the environment variables to a `.env` file in the Jellyseerr directory.
@@ -245,7 +313,6 @@ node dist/index.js
 - Set the trigger to "When the computer starts"
 - Set the action to "Start a program"
 - Set the program/script to the path of the `start-jellyseerr.bat` file
- Set the "Start in" to the jellyseerr directory.
 - Click "Finish"

 Now, Jellyseerr will start when the computer boots up in the background.
--- a/docs/getting-started/docker.mdx
+++ b/docs/getting-started/docker.mdx
@@ -71,7 +71,7 @@ You could also use [diun](https://github.com/crazy-max/diun) to receive notifica
 For details on how to use Docker Compose, please [review the official Compose documentation](https://docs.docker.com/compose/reference/).

 #### Installation:
-Define the `jellyseerr` service in your `compose.yaml` as follows:
+Define the `jellyseerr` service in your `docker-compose.yml` as follows:
 ```yaml
 ---
 services:
@@ -94,17 +94,17 @@ If you are using emby, make sure to set the `JELLYFIN_TYPE` environment variable

 Then, start all services defined in the Compose file:
 ```bash
-docker compose up -d
+docker-compose up -d
 ```

 #### Updating:
 Pull the latest image:
 ```bash
-docker compose pull jellyseerr
+docker-compose pull jellyseerr
 ```
 Then, restart all services defined in the Compose file:
 ```bash
-docker compose up -d
+docker-compose up -d
 ```
 :::tip
 You may alternatively use a third-party mechanism like [dockge](https://github.com/louislam/dockge) to manage your docker compose files.
--- a/next-env.d.ts
+++ b/next-env.d.ts
@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />

 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/pages/building-your-application/configuring/typescript for more information.
+// see https://nextjs.org/docs/basic-features/typescript for more information.
--- a/overseerr-api.yml
+++ b/overseerr-api.yml
@@ -168,6 +168,9 @@ components:
        csrfProtection:
          type: boolean
          example: false
+        cspFrameAncestorDomains:
+          type: string
+          example: 'example.com'
        hideAvailable:
          type: boolean
          example: false
@@ -1988,9 +1991,6 @@ paths:
                  appDataPath:
                    type: string
                    example: /app/config
-                  appDataPermissions:
-                    type: boolean
-                    example: true
  /settings/main:
    get:
      summary: Get main settings
--- a/package.json
+++ b/package.json
@@ -61,6 +61,7 @@
    "express-session": "1.17.3",
    "formik": "^2.4.6",
    "gravatar-url": "3.1.0",
+    "helmet": "^7.1.0",
    "lodash": "4.17.21",
    "mime": "3",
    "next": "^14.2.4",
@@ -93,8 +94,7 @@
    "sqlite3": "5.1.4",
    "swagger-ui-express": "4.6.2",
    "swr": "2.2.5",
-    "typeorm": "0.3.11",
-    "undici": "^6.20.1",
+    "typeorm": "0.3.12",
    "web-push": "3.5.0",
    "winston": "3.8.2",
    "winston-daily-rotate-file": "4.7.1",
@@ -168,7 +168,7 @@
    "typescript": "4.9.5"
  },
  "engines": {
-    "node": "^22.0.0",
+    "node": "^20.0.0",
    "pnpm": "^9.0.0"
  },
  "overrides": {
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/server/api/externalapi.ts
+++ b/server/api/externalapi.ts
@@ -32,27 +32,13 @@ class ExternalAPI {
      this.fetch = fetch;
    }

-    const url = new URL(baseUrl);
-
+    this.baseUrl = baseUrl;
+    this.params = params;
    this.defaultHeaders = {
      'Content-Type': 'application/json',
      Accept: 'application/json',
-      ...((url.username || url.password) && {
-        Authorization: `Basic ${Buffer.from(
-          `${url.username}:${url.password}`
-        ).toString('base64')}`,
-      }),
      ...options.headers,
    };
-
-    if (url.username || url.password) {
-      url.username = '';
-      url.password = '';
-      baseUrl = url.toString();
-    }
-
-    this.baseUrl = baseUrl;
-    this.params = params;
    this.cache = options.nodeCache;
  }

@@ -90,7 +76,7 @@ class ExternalAPI {
    }
    const data = await this.getDataFromResponse(response);

-    if (this.cache && ttl !== 0) {
+    if (this.cache) {
      this.cache.set(cacheKey, data, ttl ?? DEFAULT_TTL);
    }

@@ -134,7 +120,7 @@ class ExternalAPI {
    }
    const resData = await this.getDataFromResponse(response);

-    if (this.cache && ttl !== 0) {
+    if (this.cache) {
      this.cache.set(cacheKey, resData, ttl ?? DEFAULT_TTL);
    }

@@ -178,7 +164,7 @@ class ExternalAPI {
    }
    const resData = await this.getDataFromResponse(response);

-    if (this.cache && ttl !== 0) {
+    if (this.cache) {
      this.cache.set(cacheKey, resData, ttl ?? DEFAULT_TTL);
    }

--- a/server/api/jellyfin.ts
+++ b/server/api/jellyfin.ts
@@ -410,7 +410,7 @@ class JellyfinAPI extends ExternalAPI {
      ).AccessToken;
    } catch (e) {
      logger.error(
-        `Something went wrong while creating an API key from the Jellyfin server: ${e.message}`,
+        `Something went wrong while creating an API key the Jellyfin server: ${e.message}`,
        { label: 'Jellyfin API' }
      );

--- a/server/api/plexapi.ts
+++ b/server/api/plexapi.ts
@@ -180,7 +180,7 @@ class PlexAPI {
      settings.plex.libraries = [];
    }

-    await settings.save();
+    settings.save();
  }

  public async getLibraryContents(
--- a/server/api/rating/rottentomatoes.ts
+++ b/server/api/rating/rottentomatoes.ts
@@ -182,7 +182,7 @@ class RottenTomatoes extends ExternalAPI {
        );
      }

-      if (!tvshow || !tvshow.rottenTomatoes) {
+      if (!tvshow) {
        return null;
      }

--- a/server/api/servarr/base.ts
+++ b/server/api/servarr/base.ts
@@ -157,13 +157,9 @@ class ServarrBase<QueueItemAppendT> extends ExternalAPI {

  public getQueue = async (): Promise<(QueueItem & QueueItemAppendT)[]> => {
    try {
-      const data = await this.get<QueueResponse<QueueItemAppendT>>(
-        `/queue`,
-        {
-          includeEpisode: 'true',
-        },
-        0
-      );
+      const data = await this.get<QueueResponse<QueueItemAppendT>>(`/queue`, {
+        includeEpisode: 'true',
+      });

      return data.records;
    } catch (e) {
@@ -197,24 +193,15 @@ class ServarrBase<QueueItemAppendT> extends ExternalAPI {
    }
  };

-  async refreshMonitoredDownloads(): Promise<void> {
-    await this.runCommand('RefreshMonitoredDownloads', {});
-  }
-
  protected async runCommand(
    commandName: string,
    options: Record<string, unknown>
  ): Promise<void> {
    try {
-      await this.post(
-        `/command`,
-        {
-          name: commandName,
-          ...options,
-        },
-        {},
-        0
-      );
+      await this.post(`/command`, {
+        name: commandName,
+        ...options,
+      });
    } catch (e) {
      throw new Error(`[${this.apiName}] Failed to run command: ${e.message}`);
    }
--- a/server/entity/Media.ts
+++ b/server/entity/Media.ts
@@ -231,7 +231,7 @@ class Media {
        this.mediaUrl = `${jellyfinHost}/web/index.html#!/${pageName}?id=${this.jellyfinMediaId}&context=home&serverId=${serverId}`;
      }
      if (this.jellyfinMediaId4k) {
-        this.mediaUrl4k = `${jellyfinHost}/web/index.html#!/${pageName}?id=${this.jellyfinMediaId4k}&context=home&serverId=${serverId}`;
+        this.mediaUrl4k = `${jellyfinHost}/web/index.html#!/${pageName}?id=${this.jellyfinMediaId}&context=home&serverId=${serverId}`;
      }
    }
  }
--- a/server/index.ts
+++ b/server/index.ts
@@ -21,9 +21,7 @@ import clearCookies from '@server/middleware/clearcookies';
 import routes from '@server/routes';
 import avatarproxy from '@server/routes/avatarproxy';
 import imageproxy from '@server/routes/imageproxy';
-import { appDataPermissions } from '@server/utils/appDataVolume';
 import { getAppVersion } from '@server/utils/appVersion';
-import createCustomProxyAgent from '@server/utils/customProxyAgent';
 import restartFlag from '@server/utils/restartFlag';
 import { getClientIp } from '@supercharge/request-ip';
 import { TypeormStore } from 'connect-typeorm/out';
@@ -34,6 +32,7 @@ import express from 'express';
 import * as OpenApiValidator from 'express-openapi-validator';
 import type { Store } from 'express-session';
 import session from 'express-session';
+import helmet from 'helmet';
 import next from 'next';
 import dns from 'node:dns';
 import net from 'node:net';
@@ -53,12 +52,6 @@ const dev = process.env.NODE_ENV !== 'production';
 const app = next({ dev });
 const handle = app.getRequestHandler();

-if (!appDataPermissions()) {
-  logger.error(
-    'Something went wrong while checking config folder! Please ensure the config folder is set up properly.\nhttps://docs.jellyseerr.dev/getting-started'
-  );
-}
-
 app
  .prepare()
  .then(async () => {
@@ -75,11 +68,6 @@ app
    const settings = await getSettings().load();
    restartFlag.initializeSettings(settings.main);

-    // Register HTTP proxy
-    if (settings.main.proxy.enabled) {
-      await createCustomProxyAgent(settings.main.proxy);
-    }
-
    // Migrate library types
    if (
      settings.plex.libraries.length > 1 &&
@@ -172,6 +160,28 @@ app
      });
    }

+    // Setup Content-Security-Policy
+    server.use(
+      helmet.contentSecurityPolicy({
+        useDefaults: false,
+        directives: {
+          'default-src': ["'self'", "'unsafe-inline'"],
+          'script-src': [
+            "'self'",
+            "'unsafe-inline'",
+            ...(dev ? ["'unsafe-eval'"] : []),
+          ],
+          'img-src': ["'self'", "'unsafe-inline'", 'data:', 'blob:', '*'],
+          'frame-ancestors': [
+            "'self'",
+            ...(settings.main.cspFrameAncestorDomains
+              ? [settings.main.cspFrameAncestorDomains]
+              : []),
+          ],
+        },
+      })
+    );
+
    // Set up sessions
    const sessionRespository = getRepository(Session);
    server.use(
@@ -183,12 +193,16 @@ app
        cookie: {
          maxAge: 1000 * 60 * 60 * 24 * 30,
          httpOnly: true,
-          sameSite: settings.main.csrfProtection ? 'strict' : 'lax',
-          secure: 'auto',
+          sameSite: settings.main.csrfProtection
+            ? 'strict'
+            : settings.main.cspFrameAncestorDomains
+            ? 'none'
+            : 'lax',
+          secure: settings.main.cspFrameAncestorDomains ? true : 'auto',
        },
        store: new TypeormStore({
          cleanupLimit: 2,
-          ttl: 60 * 60 * 24 * 30,
+          ttl: 1000 * 60 * 60 * 24 * 30,
        }).connect(sessionRespository) as Store,
      })
    );
--- a/server/lib/downloadtracker.ts
+++ b/server/lib/downloadtracker.ts
@@ -85,7 +85,6 @@ class DownloadTracker {
          });

          try {
-            await radarr.refreshMonitoredDownloads();
            const queueItems = await radarr.getQueue();

            this.radarrServers[server.id] = queueItems.map((item) => ({
@@ -163,7 +162,6 @@ class DownloadTracker {
          });

          try {
-            await sonarr.refreshMonitoredDownloads();
            const queueItems = await sonarr.getQueue();

            this.sonarrServers[server.id] = queueItems.map((item) => ({
--- a/server/lib/imageproxy.ts
+++ b/server/lib/imageproxy.ts
@@ -135,7 +135,6 @@ class ImageProxy {
  private cacheVersion;
  private key;
  private baseUrl;
-  private headers: HeadersInit | null = null;

  constructor(
    key: string,
@@ -143,7 +142,6 @@ class ImageProxy {
    options: {
      cacheVersion?: number;
      rateLimitOptions?: RateLimitOptions;
-      headers?: HeadersInit;
    } = {}
  ) {
    this.cacheVersion = options.cacheVersion ?? 1;
@@ -157,13 +155,9 @@ class ImageProxy {
    } else {
      this.fetch = fetch;
    }
-    this.headers = options.headers || null;
  }

-  public async getImage(
-    path: string,
-    fallbackPath?: string
-  ): Promise<ImageResponse> {
+  public async getImage(path: string): Promise<ImageResponse> {
    const cacheKey = this.getCacheKey(path);

    const imageResponse = await this.get(cacheKey);
@@ -172,11 +166,7 @@ class ImageProxy {
      const newImage = await this.set(path, cacheKey);

      if (!newImage) {
-        if (fallbackPath) {
-          return await this.getImage(fallbackPath);
-        } else {
-          throw new Error('Failed to load image');
-        }
+        throw new Error('Failed to load image');
      }

      return newImage;
@@ -257,12 +247,7 @@ class ImageProxy {
            : '/'
          : '') +
        (path.startsWith('/') ? path.slice(1) : path);
-      const response = await this.fetch(href, {
-        headers: this.headers || undefined,
-      });
-      if (!response.ok) {
-        return null;
-      }
+      const response = await this.fetch(href);
      const arrayBuffer = await response.arrayBuffer();
      const buffer = Buffer.from(arrayBuffer);

--- a/server/lib/scanners/plex/index.ts
+++ b/server/lib/scanners/plex/index.ts
@@ -129,7 +129,7 @@ class PlexScanner
          });

          settings.plex.libraries = newLibraries;
-          await settings.save();
+          settings.save();
        }
      } else {
        for (const library of this.libraries) {
--- a/server/lib/settings/index.ts
+++ b/server/lib/settings/index.ts
@@ -2,7 +2,7 @@ import { MediaServerType } from '@server/constants/server';
 import { Permission } from '@server/lib/permissions';
 import { runMigrations } from '@server/lib/settings/migrator';
 import { randomUUID } from 'crypto';
-import fs from 'fs/promises';
+import fs from 'fs';
 import { merge } from 'lodash';
 import path from 'path';
 import webpush from 'web-push';
@@ -99,22 +99,12 @@ interface Quota {
  quotaDays?: number;
 }

-export interface ProxySettings {
-  enabled: boolean;
-  hostname: string;
-  port: number;
-  useSsl: boolean;
-  user: string;
-  password: string;
-  bypassFilter: string;
-  bypassLocalAddresses: boolean;
-}
-
 export interface MainSettings {
  apiKey: string;
  applicationTitle: string;
  applicationUrl: string;
  csrfProtection: boolean;
+  cspFrameAncestorDomains: string;
  cacheImages: boolean;
  defaultPermissions: number;
  defaultQuotas: {
@@ -130,7 +120,6 @@ export interface MainSettings {
  mediaServerType: number;
  partialRequestsEnabled: boolean;
  locale: string;
-  proxy: ProxySettings;
 }

 interface PublicSettings {
@@ -322,6 +311,7 @@ class Settings {
        applicationTitle: 'Jellyseerr',
        applicationUrl: '',
        csrfProtection: false,
+        cspFrameAncestorDomains: '',
        cacheImages: false,
        defaultPermissions: Permission.REQUEST,
        defaultQuotas: {
@@ -337,16 +327,6 @@ class Settings {
        mediaServerType: MediaServerType.NOT_CONFIGURED,
        partialRequestsEnabled: true,
        locale: 'en',
-        proxy: {
-          enabled: false,
-          hostname: '',
-          port: 8080,
-          useSsl: false,
-          user: '',
-          password: '',
-          bypassFilter: '',
-          bypassLocalAddresses: true,
-        },
      },
      plex: {
        name: '',
@@ -501,6 +481,10 @@ class Settings {
  }

  get main(): MainSettings {
+    if (!this.data.main.apiKey) {
+      this.data.main.apiKey = this.generateApiKey();
+      this.save();
+    }
    return this.data.main;
  }

@@ -602,20 +586,29 @@ class Settings {
  }

  get clientId(): string {
+    if (!this.data.clientId) {
+      this.data.clientId = randomUUID();
+      this.save();
+    }
+
    return this.data.clientId;
  }

  get vapidPublic(): string {
+    this.generateVapidKeys();
+
    return this.data.vapidPublic;
  }

  get vapidPrivate(): string {
+    this.generateVapidKeys();
+
    return this.data.vapidPrivate;
  }

-  public async regenerateApiKey(): Promise<MainSettings> {
+  public regenerateApiKey(): MainSettings {
    this.main.apiKey = this.generateApiKey();
-    await this.save();
+    this.save();
    return this.main;
  }

@@ -627,6 +620,15 @@ class Settings {
    }
  }

+  private generateVapidKeys(force = false): void {
+    if (!this.data.vapidPublic || !this.data.vapidPrivate || force) {
+      const vapidKeys = webpush.generateVAPIDKeys();
+      this.data.vapidPrivate = vapidKeys.privateKey;
+      this.data.vapidPublic = vapidKeys.publicKey;
+      this.save();
+    }
+  }
+
  /**
   * Settings Load
   *
@@ -641,51 +643,30 @@ class Settings {
      return this;
    }

-    let data;
-    try {
-      data = await fs.readFile(SETTINGS_PATH, 'utf-8');
-    } catch {
-      await this.save();
+    if (!fs.existsSync(SETTINGS_PATH)) {
+      this.save();
    }
+    const data = fs.readFileSync(SETTINGS_PATH, 'utf-8');

    if (data) {
      const parsedJson = JSON.parse(data);
-      const migratedData = await runMigrations(parsedJson, SETTINGS_PATH);
-      this.data = merge(this.data, migratedData);
-    }
+      this.data = await runMigrations(parsedJson);

-    // generate keys and ids if it's missing
-    let change = false;
-    if (!this.data.main.apiKey) {
-      this.data.main.apiKey = this.generateApiKey();
-      change = true;
-    } else if (process.env.API_KEY) {
-      if (this.main.apiKey != process.env.API_KEY) {
-        this.main.apiKey = process.env.API_KEY;
+      this.data = merge(this.data, parsedJson);
+
+      if (process.env.API_KEY) {
+        if (this.main.apiKey != process.env.API_KEY) {
+          this.main.apiKey = process.env.API_KEY;
+        }
      }
-    }
-    if (!this.data.clientId) {
-      this.data.clientId = randomUUID();
-      change = true;
-    }
-    if (!this.data.vapidPublic || !this.data.vapidPrivate) {
-      const vapidKeys = webpush.generateVAPIDKeys();
-      this.data.vapidPrivate = vapidKeys.privateKey;
-      this.data.vapidPublic = vapidKeys.publicKey;
-      change = true;
-    }
-    if (change) {
-      await this.save();
-    }

+      this.save();
+    }
    return this;
  }

-  public async save(): Promise<void> {
-    await fs.writeFile(
-      SETTINGS_PATH,
-      JSON.stringify(this.data, undefined, ' ')
-    );
+  public save(): void {
+    fs.writeFileSync(SETTINGS_PATH, JSON.stringify(this.data, undefined, ' '));
  }
 }

--- a/server/lib/settings/migrations/0001_migrate_hostname.ts
+++ b/server/lib/settings/migrations/0001_migrate_hostname.ts
@@ -1,14 +1,15 @@
 import type { AllSettings } from '@server/lib/settings';

 const migrateHostname = (settings: any): AllSettings => {
-  if (settings.jellyfin?.hostname) {
-    const { hostname } = settings.jellyfin;
+  const oldJellyfinSettings = settings.jellyfin;
+  if (oldJellyfinSettings && oldJellyfinSettings.hostname) {
+    const { hostname } = oldJellyfinSettings;
    const protocolMatch = hostname.match(/^(https?):\/\//i);
    const useSsl = protocolMatch && protocolMatch[1].toLowerCase() === 'https';
    const remainingUrl = hostname.replace(/^(https?):\/\//i, '');
    const urlMatch = remainingUrl.match(/^([^:]+)(:([0-9]+))?(\/.*)?$/);

-    delete settings.jellyfin.hostname;
+    delete oldJellyfinSettings.hostname;
    if (urlMatch) {
      const [, ip, , port, urlBase] = urlMatch;
      settings.jellyfin = {
@@ -20,7 +21,9 @@ const migrateHostname = (settings: any): AllSettings => {
      };
    }
  }
-
+  if (settings.jellyfin && settings.jellyfin.hostname) {
+    delete settings.jellyfin.hostname;
+  }
  return settings;
 };

--- a/server/lib/settings/migrations/0002_migrate_apitokens.ts
+++ b/server/lib/settings/migrations/0002_migrate_apitokens.ts
@@ -27,14 +27,8 @@ const migrateApiTokens = async (settings: any): Promise<AllSettings> => {
      admin.jellyfinDeviceId
    );
    jellyfinClient.setUserId(admin.jellyfinUserId ?? '');
-    try {
-      const apiKey = await jellyfinClient.createApiToken('Jellyseerr');
-      settings.jellyfin.apiKey = apiKey;
-    } catch {
-      throw new Error(
-        "Failed to create Jellyfin API token from admin account. Please check your network configuration or edit your settings.json by adding an 'apiKey' field inside of the 'jellyfin' section to fix this issue."
-      );
-    }
+    const apiKey = await jellyfinClient.createApiToken('Jellyseerr');
+    settings.jellyfin.apiKey = apiKey;
  }
  return settings;
 };
--- a/server/lib/settings/migrator.ts
+++ b/server/lib/settings/migrator.ts
@@ -1,100 +1,30 @@
 import type { AllSettings } from '@server/lib/settings';
 import logger from '@server/logger';
-import fs from 'fs/promises';
+import fs from 'fs';
 import path from 'path';

 const migrationsDir = path.join(__dirname, 'migrations');

 export const runMigrations = async (
-  settings: AllSettings,
-  SETTINGS_PATH: string
+  settings: AllSettings
 ): Promise<AllSettings> => {
+  const migrations = fs
+    .readdirSync(migrationsDir)
+    .filter((file) => file.endsWith('.js') || file.endsWith('.ts'))
+    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    .map((file) => require(path.join(migrationsDir, file)).default);
+
  let migrated = settings;

  try {
-    // we read old backup and create a backup of currents settings
-    const BACKUP_PATH = SETTINGS_PATH.replace('.json', '.old.json');
-    let oldBackup: string | null = null;
-    try {
-      oldBackup = await fs.readFile(BACKUP_PATH, 'utf-8');
-    } catch {
-      /* empty */
-    }
-    await fs.writeFile(BACKUP_PATH, JSON.stringify(settings, undefined, ' '));
-
-    const migrations = (await fs.readdir(migrationsDir)).filter(
-      (file) => file.endsWith('.js') || file.endsWith('.ts')
-    );
-
-    const settingsBefore = JSON.stringify(migrated);
-
    for (const migration of migrations) {
-      try {
-        logger.debug(`Checking migration '${migration}'...`, {
-          label: 'Settings Migrator',
-        });
-        const { default: migrationFn } = await import(
-          path.join(migrationsDir, migration)
-        );
-        const newSettings = await migrationFn(structuredClone(migrated));
-        if (JSON.stringify(migrated) !== JSON.stringify(newSettings)) {
-          logger.debug(`Migration '${migration}' has been applied.`, {
-            label: 'Settings Migrator',
-          });
-        }
-        migrated = newSettings;
-      } catch (e) {
-        // we stop jellyseerr if the migration failed
-        logger.error(
-          `Error while running migration '${migration}': ${e.message}`,
-          {
-            label: 'Settings Migrator',
-          }
-        );
-        logger.error(
-          'A common cause for this error is a permission issue with your configuration folder, a network issue or a corrupted database.',
-          {
-            label: 'Settings Migrator',
-          }
-        );
-        process.exit();
-      }
-    }
-
-    const settingsAfter = JSON.stringify(migrated);
-
-    if (settingsBefore !== settingsAfter) {
-      // a migration occured
-      // we check that the new config will be saved
-      await fs.writeFile(
-        SETTINGS_PATH,
-        JSON.stringify(migrated, undefined, ' ')
-      );
-      const fileSaved = JSON.parse(await fs.readFile(SETTINGS_PATH, 'utf-8'));
-      if (JSON.stringify(fileSaved) !== settingsAfter) {
-        // something went wrong while saving file
-        throw new Error('Unable to save settings after migration.');
-      }
-    } else if (oldBackup) {
-      // no migration occured
-      // we save the old backup (to avoid settings.json and settings.old.json being the same)
-      await fs.writeFile(BACKUP_PATH, oldBackup.toString());
+      migrated = await migration(migrated);
    }
  } catch (e) {
-    // we stop jellyseerr if the migration failed
    logger.error(
      `Something went wrong while running settings migrations: ${e.message}`,
-      {
-        label: 'Settings Migrator',
-      }
+      { label: 'Settings Migrator' }
    );
-    logger.error(
-      'A common cause for this issue is a permission error of your configuration folder.',
-      {
-        label: 'Settings Migrator',
-      }
-    );
-    process.exit();
  }

  return migrated;
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -6,6 +6,7 @@ import { UserType } from '@server/constants/user';
 import { getRepository } from '@server/datasource';
 import { User } from '@server/entity/User';
 import { startJobs } from '@server/job/schedule';
+import ImageProxy from '@server/lib/imageproxy';
 import { Permission } from '@server/lib/permissions';
 import { getSettings } from '@server/lib/settings';
 import logger from '@server/logger';
@@ -14,6 +15,7 @@ import { ApiError } from '@server/types/error';
 import { getHostname } from '@server/utils/getHostname';
 import * as EmailValidator from 'email-validator';
 import { Router } from 'express';
+import gravatarUrl from 'gravatar-url';
 import net from 'net';

 const authRoutes = Router();
@@ -87,7 +89,7 @@ authRoutes.post('/plex', async (req, res, next) => {
      });

      settings.main.mediaServerType = MediaServerType.PLEX;
-      await settings.save();
+      settings.save();
      startJobs();

      await userRepository.save(user);
@@ -260,6 +262,8 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
            urlBase: body.urlBase,
          });

+    const { externalHostname } = getSettings().jellyfin;
+
    // Try to find deviceId that corresponds to jellyfin user, else generate a new one
    let user = await userRepository.findOne({
      where: { jellyfinUsername: body.username },
@@ -277,6 +281,11 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
    // First we need to attempt to log the user in to jellyfin
    const jellyfinserver = new JellyfinAPI(hostname ?? '', undefined, deviceId);

+    const jellyfinHost =
+      externalHostname && externalHostname.length > 0
+        ? externalHostname
+        : hostname;
+
    const ip = req.ip;
    let clientIp;

@@ -299,84 +308,64 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
      where: { jellyfinUserId: account.User.Id },
    });

-    const missingAdminUser = !user && !(await userRepository.count());
-    if (
-      missingAdminUser ||
-      settings.main.mediaServerType === MediaServerType.NOT_CONFIGURED
-    ) {
+    if (!user && !(await userRepository.count())) {
      // Check if user is admin on jellyfin
      if (account.User.Policy.IsAdministrator === false) {
        throw new ApiError(403, ApiErrorCode.NotAdmin);
      }

-      if (
-        body.serverType !== MediaServerType.JELLYFIN &&
-        body.serverType !== MediaServerType.EMBY
-      ) {
-        throw new Error('select_server_type');
-      }
-      settings.main.mediaServerType = body.serverType;
-
-      if (missingAdminUser) {
-        logger.info(
-          'Sign-in attempt from Jellyfin user with access to the media server; creating initial admin user for Jellyseerr',
-          {
-            label: 'API',
-            ip: req.ip,
-            jellyfinUsername: account.User.Name,
-          }
-        );
-
-        // User doesn't exist, and there are no users in the database, we'll create the user
-        // with admin permissions
-
-        user = new User({
-          id: 1,
-          email: body.email || account.User.Name,
+      logger.info(
+        'Sign-in attempt from Jellyfin user with access to the media server; creating initial admin user for Overseerr',
+        {
+          label: 'API',
+          ip: req.ip,
          jellyfinUsername: account.User.Name,
-          jellyfinUserId: account.User.Id,
-          jellyfinDeviceId: deviceId,
-          jellyfinAuthToken: account.AccessToken,
-          permissions: Permission.ADMIN,
-          avatar: `/avatarproxy/${account.User.Id}`,
-          userType:
-            body.serverType === MediaServerType.JELLYFIN
-              ? UserType.JELLYFIN
-              : UserType.EMBY,
-        });
-
-        await userRepository.save(user);
-      } else {
-        logger.info(
-          'Sign-in attempt from Jellyfin user with access to the media server; editing admin user for Jellyseerr',
-          {
-            label: 'API',
-            ip: req.ip,
-            jellyfinUsername: account.User.Name,
-          }
-        );
-
-        // User alread exist but settings.json is not configured, we'll edit the admin user
-
-        user = await userRepository.findOne({
-          where: { id: 1 },
-        });
-        if (!user) {
-          throw new Error('Unable to find admin user to edit');
        }
-        user.email = body.email || account.User.Name;
-        user.jellyfinUsername = account.User.Name;
-        user.jellyfinUserId = account.User.Id;
-        user.jellyfinDeviceId = deviceId;
-        user.jellyfinAuthToken = account.AccessToken;
-        user.permissions = Permission.ADMIN;
-        user.avatar = `/avatarproxy/${account.User.Id}`;
-        user.userType =
-          body.serverType === MediaServerType.JELLYFIN
-            ? UserType.JELLYFIN
-            : UserType.EMBY;
+      );

-        await userRepository.save(user);
+      // User doesn't exist, and there are no users in the database, we'll create the user
+      // with admin permissions
+      switch (body.serverType) {
+        case MediaServerType.EMBY:
+          settings.main.mediaServerType = MediaServerType.EMBY;
+          user = new User({
+            email: body.email || account.User.Name,
+            jellyfinUsername: account.User.Name,
+            jellyfinUserId: account.User.Id,
+            jellyfinDeviceId: deviceId,
+            jellyfinAuthToken: account.AccessToken,
+            permissions: Permission.ADMIN,
+            avatar: account.User.PrimaryImageTag
+              ? `${jellyfinHost}/Users/${account.User.Id}/Images/Primary/?tag=${account.User.PrimaryImageTag}&quality=90`
+              : gravatarUrl(body.email || account.User.Name, {
+                  default: 'mm',
+                  size: 200,
+                }),
+            userType: UserType.EMBY,
+          });
+
+          break;
+        case MediaServerType.JELLYFIN:
+          settings.main.mediaServerType = MediaServerType.JELLYFIN;
+          user = new User({
+            email: body.email || account.User.Name,
+            jellyfinUsername: account.User.Name,
+            jellyfinUserId: account.User.Id,
+            jellyfinDeviceId: deviceId,
+            jellyfinAuthToken: account.AccessToken,
+            permissions: Permission.ADMIN,
+            avatar: account.User.PrimaryImageTag
+              ? `${jellyfinHost}/Users/${account.User.Id}/Images/Primary/?tag=${account.User.PrimaryImageTag}&quality=90`
+              : gravatarUrl(body.email || account.User.Name, {
+                  default: 'mm',
+                  size: 200,
+                }),
+            userType: UserType.JELLYFIN,
+          });
+
+          break;
+        default:
+          throw new Error('select_server_type');
      }

      // Create an API key on Jellyfin from this admin user
@@ -396,8 +385,10 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
      settings.jellyfin.urlBase = body.urlBase ?? '';
      settings.jellyfin.useSsl = body.useSsl ?? false;
      settings.jellyfin.apiKey = apiKey;
-      await settings.save();
+      settings.save();
      startJobs();
+
+      await userRepository.save(user);
    }
    // User already exists, let's update their information
    else if (account.User.Id === user?.jellyfinUserId) {
@@ -417,7 +408,27 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
          jellyfinUsername: account.User.Name,
        }
      );
-      user.avatar = `/avatarproxy/${account.User.Id}`;
+      // Update the users avatar with their jellyfin profile pic (incase it changed)
+      if (account.User.PrimaryImageTag) {
+        const avatar = `${jellyfinHost}/Users/${account.User.Id}/Images/Primary/?tag=${account.User.PrimaryImageTag}&quality=90`;
+        if (avatar !== user.avatar) {
+          const avatarProxy = new ImageProxy('avatar', '');
+          avatarProxy.clearCachedImage(user.avatar);
+        }
+        user.avatar = avatar;
+      } else {
+        const avatar = gravatarUrl(user.email || account.User.Name, {
+          default: 'mm',
+          size: 200,
+        });
+
+        if (avatar !== user.avatar) {
+          const avatarProxy = new ImageProxy('avatar', '');
+          avatarProxy.clearCachedImage(user.avatar);
+        }
+
+        user.avatar = avatar;
+      }
      user.jellyfinUsername = account.User.Name;

      if (user.username === account.User.Name) {
@@ -455,7 +466,12 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
        jellyfinUserId: account.User.Id,
        jellyfinDeviceId: deviceId,
        permissions: settings.main.defaultPermissions,
-        avatar: `/avatarproxy/${account.User.Id}`,
+        avatar: account.User.PrimaryImageTag
+          ? `${jellyfinHost}/Users/${account.User.Id}/Images/Primary/?tag=${account.User.PrimaryImageTag}&quality=90`
+          : gravatarUrl(body.email || account.User.Name, {
+              default: 'mm',
+              size: 200,
+            }),
        userType:
          settings.main.mediaServerType === MediaServerType.JELLYFIN
            ? UserType.JELLYFIN
--- a/server/routes/avatarproxy.ts
+++ b/server/routes/avatarproxy.ts
@@ -1,71 +1,16 @@
-import { MediaServerType } from '@server/constants/server';
-import { getRepository } from '@server/datasource';
-import { User } from '@server/entity/User';
 import ImageProxy from '@server/lib/imageproxy';
-import { getSettings } from '@server/lib/settings';
 import logger from '@server/logger';
-import { getAppVersion } from '@server/utils/appVersion';
-import { getHostname } from '@server/utils/getHostname';
 import { Router } from 'express';
-import gravatarUrl from 'gravatar-url';

 const router = Router();

-let _avatarImageProxy: ImageProxy | null = null;
-async function initAvatarImageProxy() {
-  if (!_avatarImageProxy) {
-    const userRepository = getRepository(User);
-    const admin = await userRepository.findOne({
-      where: { id: 1 },
-      select: ['id', 'jellyfinUserId', 'jellyfinDeviceId'],
-      order: { id: 'ASC' },
-    });
-    const deviceId = admin?.jellyfinDeviceId;
-    const authToken = getSettings().jellyfin.apiKey;
-    _avatarImageProxy = new ImageProxy('avatar', '', {
-      headers: {
-        'X-Emby-Authorization': `MediaBrowser Client="Jellyseerr", Device="Jellyseerr", DeviceId="${deviceId}", Version="${getAppVersion()}", Token="${authToken}"`,
-      },
-    });
-  }
-  return _avatarImageProxy;
-}
+const avatarImageProxy = new ImageProxy('avatar', '');
+// Proxy avatar images
+router.get('/*', async (req, res) => {
+  const imagePath = req.url.startsWith('/') ? req.url.slice(1) : req.url;

-router.get('/:jellyfinUserId', async (req, res) => {
  try {
-    if (!req.params.jellyfinUserId.match(/^[a-f0-9]{32}$/)) {
-      const mediaServerType = getSettings().main.mediaServerType;
-      throw new Error(
-        `Provided URL is not ${
-          mediaServerType === MediaServerType.JELLYFIN
-            ? 'a Jellyfin'
-            : 'an Emby'
-        } avatar.`
-      );
-    }
-
-    const avatarImageCache = await initAvatarImageProxy();
-
-    const user = await getRepository(User).findOne({
-      where: { jellyfinUserId: req.params.jellyfinUserId },
-    });
-
-    const fallbackUrl = gravatarUrl(user?.email || 'none', {
-      default: 'mm',
-      size: 200,
-    });
-    const jellyfinAvatarUrl = `${getHostname()}/UserImage?UserId=${
-      req.params.jellyfinUserId
-    }`;
-    let imageData = await avatarImageCache.getImage(
-      jellyfinAvatarUrl,
-      fallbackUrl
-    );
-
-    if (imageData.meta.extension === 'json') {
-      // this is a 404
-      imageData = await avatarImageCache.getImage(fallbackUrl);
-    }
+    const imageData = await avatarImageProxy.getImage(imagePath);

    res.writeHead(200, {
      'Content-Type': `image/${imageData.meta.extension}`,
@@ -78,6 +23,7 @@ router.get('/:jellyfinUserId', async (req, res) => {
    res.end(imageData.imageBuffer);
  } catch (e) {
    logger.error('Failed to proxy avatar image', {
+      imagePath,
      errorMessage: e.message,
    });
  }
--- a/server/routes/index.ts
+++ b/server/routes/index.ts
@@ -17,11 +17,7 @@ import { mapProductionCompany } from '@server/models/Movie';
 import { mapNetwork } from '@server/models/Tv';
 import settingsRoutes from '@server/routes/settings';
 import watchlistRoutes from '@server/routes/watchlist';
-import {
-  appDataPath,
-  appDataPermissions,
-  appDataStatus,
-} from '@server/utils/appDataVolume';
+import { appDataPath, appDataStatus } from '@server/utils/appDataVolume';
 import { getAppVersion, getCommitTag } from '@server/utils/appVersion';
 import restartFlag from '@server/utils/restartFlag';
 import { isPerson } from '@server/utils/typeHelpers';
@@ -97,7 +93,6 @@ router.get('/status/appdata', (_req, res) => {
  return res.status(200).json({
    appData: appDataStatus(),
    appDataPath: appDataPath(),
-    appDataPermissions: appDataPermissions(),
  });
 });

--- a/server/routes/service.ts
+++ b/server/routes/service.ts
@@ -123,13 +123,9 @@ serviceRoutes.get<{ sonarrId: string }>(
    });

    try {
-      const systemStatus = await sonarr.getSystemStatus();
-      const sonarrMajorVersion = Number(systemStatus.version.split('.')[0]);
-
      const profiles = await sonarr.getProfiles();
      const rootFolders = await sonarr.getRootFolders();
-      const languageProfiles =
-        sonarrMajorVersion <= 3 ? await sonarr.getLanguageProfiles() : null;
+      const languageProfiles = await sonarr.getLanguageProfiles();
      const tags = await sonarr.getTags();

      return res.status(200).json({
--- a/server/routes/settings/index.ts
+++ b/server/routes/settings/index.ts
@@ -32,6 +32,7 @@ import { getHostname } from '@server/utils/getHostname';
 import { Router } from 'express';
 import rateLimit from 'express-rate-limit';
 import fs from 'fs';
+import gravatarUrl from 'gravatar-url';
 import { escapeRegExp, merge, omit, set, sortBy } from 'lodash';
 import { rescheduleJob } from 'node-schedule';
 import path from 'path';
@@ -69,19 +70,19 @@ settingsRoutes.get('/main', (req, res, next) => {
  res.status(200).json(filteredMainSettings(req.user, settings.main));
 });

-settingsRoutes.post('/main', async (req, res) => {
+settingsRoutes.post('/main', (req, res) => {
  const settings = getSettings();

  settings.main = merge(settings.main, req.body);
-  await settings.save();
+  settings.save();

  return res.status(200).json(settings.main);
 });

-settingsRoutes.post('/main/regenerate', async (req, res, next) => {
+settingsRoutes.post('/main/regenerate', (req, res, next) => {
  const settings = getSettings();

-  const main = await settings.regenerateApiKey();
+  const main = settings.regenerateApiKey();

  if (!req.user) {
    return next({ status: 500, message: 'User missing from request.' });
@@ -118,7 +119,7 @@ settingsRoutes.post('/plex', async (req, res, next) => {
    settings.plex.machineId = result.MediaContainer.machineIdentifier;
    settings.plex.name = result.MediaContainer.friendlyName;

-    await settings.save();
+    settings.save();
  } catch (e) {
    logger.error('Something went wrong testing Plex connection', {
      label: 'API',
@@ -231,7 +232,7 @@ settingsRoutes.get('/plex/library', async (req, res) => {
    ...library,
    enabled: enabledLibraries.includes(library.id),
  }));
-  await settings.save();
+  settings.save();
  return res.status(200).json(settings.plex.libraries);
 });

@@ -282,7 +283,7 @@ settingsRoutes.post('/jellyfin', async (req, res, next) => {
    Object.assign(settings.jellyfin, req.body);
    settings.jellyfin.serverId = result.Id;
    settings.jellyfin.name = result.ServerName;
-    await settings.save();
+    settings.save();
  } catch (e) {
    if (e instanceof ApiError) {
      logger.error('Something went wrong testing Jellyfin connection', {
@@ -370,12 +371,17 @@ settingsRoutes.get('/jellyfin/library', async (req, res, next) => {
    ...library,
    enabled: enabledLibraries.includes(library.id),
  }));
-  await settings.save();
+  settings.save();
  return res.status(200).json(settings.jellyfin.libraries);
 });

 settingsRoutes.get('/jellyfin/users', async (req, res) => {
  const settings = getSettings();
+  const { externalHostname } = settings.jellyfin;
+  const jellyfinHost =
+    externalHostname && externalHostname.length > 0
+      ? externalHostname
+      : getHostname();

  const userRepository = getRepository(User);
  const admin = await userRepository.findOneOrFail({
@@ -394,7 +400,9 @@ settingsRoutes.get('/jellyfin/users', async (req, res) => {
  const users = resp.users.map((user) => ({
    username: user.Name,
    id: user.Id,
-    thumb: `/avatarproxy/${user.Id}`,
+    thumb: user.PrimaryImageTag
+      ? `${jellyfinHost}/Users/${user.Id}/Images/Primary/?tag=${user.PrimaryImageTag}&quality=90`
+      : gravatarUrl(user.Name, { default: 'mm', size: 200 }),
    email: user.Name,
  }));

@@ -434,7 +442,7 @@ settingsRoutes.post('/tautulli', async (req, res, next) => {
        throw new Error('Tautulli version not supported');
      }

-      await settings.save();
+      settings.save();
    } catch (e) {
      logger.error('Something went wrong testing Tautulli connection', {
        label: 'API',
@@ -695,7 +703,7 @@ settingsRoutes.post<{ jobId: JobId }>(

 settingsRoutes.post<{ jobId: JobId }>(
  '/jobs/:jobId/schedule',
-  async (req, res, next) => {
+  (req, res, next) => {
    const scheduledJob = scheduledJobs.find(
      (job) => job.id === req.params.jobId
    );
@@ -709,7 +717,7 @@ settingsRoutes.post<{ jobId: JobId }>(

    if (result) {
      settings.jobs[scheduledJob.id].schedule = req.body.schedule;
-      await settings.save();
+      settings.save();

      scheduledJob.cronSchedule = req.body.schedule;

@@ -766,11 +774,11 @@ settingsRoutes.post<{ cacheId: AvailableCacheIds }>(
 settingsRoutes.post(
  '/initialize',
  isAuthenticated(Permission.ADMIN),
-  async (_req, res) => {
+  (_req, res) => {
    const settings = getSettings();

    settings.public.initialized = true;
-    await settings.save();
+    settings.save();

    return res.status(200).json(settings.public);
  }
--- a/server/routes/settings/notifications.ts
+++ b/server/routes/settings/notifications.ts
@@ -31,11 +31,11 @@ notificationRoutes.get('/discord', (_req, res) => {
  res.status(200).json(settings.notifications.agents.discord);
 });

-notificationRoutes.post('/discord', async (req, res) => {
+notificationRoutes.post('/discord', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.discord = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.discord);
 });
@@ -65,11 +65,11 @@ notificationRoutes.get('/slack', (_req, res) => {
  res.status(200).json(settings.notifications.agents.slack);
 });

-notificationRoutes.post('/slack', async (req, res) => {
+notificationRoutes.post('/slack', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.slack = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.slack);
 });
@@ -99,11 +99,11 @@ notificationRoutes.get('/telegram', (_req, res) => {
  res.status(200).json(settings.notifications.agents.telegram);
 });

-notificationRoutes.post('/telegram', async (req, res) => {
+notificationRoutes.post('/telegram', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.telegram = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.telegram);
 });
@@ -133,11 +133,11 @@ notificationRoutes.get('/pushbullet', (_req, res) => {
  res.status(200).json(settings.notifications.agents.pushbullet);
 });

-notificationRoutes.post('/pushbullet', async (req, res) => {
+notificationRoutes.post('/pushbullet', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.pushbullet = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.pushbullet);
 });
@@ -167,11 +167,11 @@ notificationRoutes.get('/pushover', (_req, res) => {
  res.status(200).json(settings.notifications.agents.pushover);
 });

-notificationRoutes.post('/pushover', async (req, res) => {
+notificationRoutes.post('/pushover', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.pushover = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.pushover);
 });
@@ -201,11 +201,11 @@ notificationRoutes.get('/email', (_req, res) => {
  res.status(200).json(settings.notifications.agents.email);
 });

-notificationRoutes.post('/email', async (req, res) => {
+notificationRoutes.post('/email', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.email = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.email);
 });
@@ -235,11 +235,11 @@ notificationRoutes.get('/webpush', (_req, res) => {
  res.status(200).json(settings.notifications.agents.webpush);
 });

-notificationRoutes.post('/webpush', async (req, res) => {
+notificationRoutes.post('/webpush', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.webpush = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.webpush);
 });
@@ -284,7 +284,7 @@ notificationRoutes.get('/webhook', (_req, res) => {
  res.status(200).json(response);
 });

-notificationRoutes.post('/webhook', async (req, res, next) => {
+notificationRoutes.post('/webhook', (req, res, next) => {
  const settings = getSettings();
  try {
    JSON.parse(req.body.options.jsonPayload);
@@ -300,7 +300,7 @@ notificationRoutes.post('/webhook', async (req, res, next) => {
        authHeader: req.body.options.authHeader,
      },
    };
-    await settings.save();
+    settings.save();

    res.status(200).json(settings.notifications.agents.webhook);
  } catch (e) {
@@ -351,11 +351,11 @@ notificationRoutes.get('/lunasea', (_req, res) => {
  res.status(200).json(settings.notifications.agents.lunasea);
 });

-notificationRoutes.post('/lunasea', async (req, res) => {
+notificationRoutes.post('/lunasea', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.lunasea = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.lunasea);
 });
@@ -385,11 +385,11 @@ notificationRoutes.get('/gotify', (_req, res) => {
  res.status(200).json(settings.notifications.agents.gotify);
 });

-notificationRoutes.post('/gotify', async (req, res) => {
+notificationRoutes.post('/gotify', (req, res) => {
  const settings = getSettings();

  settings.notifications.agents.gotify = req.body;
-  await settings.save();
+  settings.save();

  res.status(200).json(settings.notifications.agents.gotify);
 });
--- a/server/routes/settings/radarr.ts
+++ b/server/routes/settings/radarr.ts
@@ -12,7 +12,7 @@ radarrRoutes.get('/', (_req, res) => {
  res.status(200).json(settings.radarr);
 });

-radarrRoutes.post('/', async (req, res) => {
+radarrRoutes.post('/', (req, res) => {
  const settings = getSettings();

  const newRadarr = req.body as RadarrSettings;
@@ -31,7 +31,7 @@ radarrRoutes.post('/', async (req, res) => {
  }

  settings.radarr = [...settings.radarr, newRadarr];
-  await settings.save();
+  settings.save();

  return res.status(201).json(newRadarr);
 });
@@ -76,7 +76,7 @@ radarrRoutes.post<

 radarrRoutes.put<{ id: string }, RadarrSettings, RadarrSettings>(
  '/:id',
-  async (req, res, next) => {
+  (req, res, next) => {
    const settings = getSettings();

    const radarrIndex = settings.radarr.findIndex(
@@ -102,7 +102,7 @@ radarrRoutes.put<{ id: string }, RadarrSettings, RadarrSettings>(
      ...req.body,
      id: Number(req.params.id),
    } as RadarrSettings;
-    await settings.save();
+    settings.save();

    return res.status(200).json(settings.radarr[radarrIndex]);
  }
@@ -134,7 +134,7 @@ radarrRoutes.get<{ id: string }>('/:id/profiles', async (req, res, next) => {
  );
 });

-radarrRoutes.delete<{ id: string }>('/:id', async (req, res, next) => {
+radarrRoutes.delete<{ id: string }>('/:id', (req, res, next) => {
  const settings = getSettings();

  const radarrIndex = settings.radarr.findIndex(
@@ -146,7 +146,7 @@ radarrRoutes.delete<{ id: string }>('/:id', async (req, res, next) => {
  }

  const removed = settings.radarr.splice(radarrIndex, 1);
-  await settings.save();
+  settings.save();

  return res.status(200).json(removed[0]);
 });
--- a/server/routes/settings/sonarr.ts
+++ b/server/routes/settings/sonarr.ts
@@ -12,7 +12,7 @@ sonarrRoutes.get('/', (_req, res) => {
  res.status(200).json(settings.sonarr);
 });

-sonarrRoutes.post('/', async (req, res) => {
+sonarrRoutes.post('/', (req, res) => {
  const settings = getSettings();

  const newSonarr = req.body as SonarrSettings;
@@ -31,7 +31,7 @@ sonarrRoutes.post('/', async (req, res) => {
  }

  settings.sonarr = [...settings.sonarr, newSonarr];
-  await settings.save();
+  settings.save();

  return res.status(201).json(newSonarr);
 });
@@ -43,14 +43,13 @@ sonarrRoutes.post('/test', async (req, res, next) => {
      url: SonarrAPI.buildUrl(req.body, '/api/v3'),
    });

-    const systemStatus = await sonarr.getSystemStatus();
-    const sonarrMajorVersion = Number(systemStatus.version.split('.')[0]);
-
-    const urlBase = systemStatus.urlBase;
+    const urlBase = await sonarr
+      .getSystemStatus()
+      .then((value) => value.urlBase)
+      .catch(() => req.body.baseUrl);
    const profiles = await sonarr.getProfiles();
    const folders = await sonarr.getRootFolders();
-    const languageProfiles =
-      sonarrMajorVersion <= 3 ? await sonarr.getLanguageProfiles() : null;
+    const languageProfiles = await sonarr.getLanguageProfiles();
    const tags = await sonarr.getTags();

    return res.status(200).json({
@@ -73,7 +72,7 @@ sonarrRoutes.post('/test', async (req, res, next) => {
  }
 });

-sonarrRoutes.put<{ id: string }>('/:id', async (req, res) => {
+sonarrRoutes.put<{ id: string }>('/:id', (req, res) => {
  const settings = getSettings();

  const sonarrIndex = settings.sonarr.findIndex(
@@ -101,12 +100,12 @@ sonarrRoutes.put<{ id: string }>('/:id', async (req, res) => {
    ...req.body,
    id: Number(req.params.id),
  } as SonarrSettings;
-  await settings.save();
+  settings.save();

  return res.status(200).json(settings.sonarr[sonarrIndex]);
 });

-sonarrRoutes.delete<{ id: string }>('/:id', async (req, res) => {
+sonarrRoutes.delete<{ id: string }>('/:id', (req, res) => {
  const settings = getSettings();

  const sonarrIndex = settings.sonarr.findIndex(
@@ -120,7 +119,7 @@ sonarrRoutes.delete<{ id: string }>('/:id', async (req, res) => {
  }

  const removed = settings.sonarr.splice(sonarrIndex, 1);
-  await settings.save();
+  settings.save();

  return res.status(200).json(removed[0]);
 });
--- a/server/routes/user/index.ts
+++ b/server/routes/user/index.ts
@@ -516,6 +516,12 @@ router.post(

      //const jellyfinUsersResponse = await jellyfinClient.getUsers();
      const createdUsers: User[] = [];
+      const { externalHostname } = getSettings().jellyfin;
+
+      const jellyfinHost =
+        externalHostname && externalHostname.length > 0
+          ? externalHostname
+          : hostname;

      jellyfinClient.setUserId(admin.jellyfinUserId ?? '');
      const jellyfinUsers = await jellyfinClient.getUsers();
@@ -539,7 +545,12 @@ router.post(
            ).toString('base64'),
            email: jellyfinUser?.Name,
            permissions: settings.main.defaultPermissions,
-            avatar: `/avatarproxy/${jellyfinUser?.Id}`,
+            avatar: jellyfinUser?.PrimaryImageTag
+              ? `${jellyfinHost}/Users/${jellyfinUser.Id}/Images/Primary/?tag=${jellyfinUser.PrimaryImageTag}&quality=90`
+              : gravatarUrl(jellyfinUser?.Name ?? '', {
+                  default: 'mm',
+                  size: 200,
+                }),
            userType:
              settings.main.mediaServerType === MediaServerType.JELLYFIN
                ? UserType.JELLYFIN
--- a/server/utils/appDataVolume.ts
+++ b/server/utils/appDataVolume.ts
@@ -1,4 +1,4 @@
-import { accessSync, existsSync } from 'fs';
+import { existsSync } from 'fs';
 import path from 'path';

 const CONFIG_PATH = process.env.CONFIG_DIRECTORY
@@ -14,12 +14,3 @@ export const appDataStatus = (): boolean => {
 export const appDataPath = (): string => {
  return CONFIG_PATH;
 };
-
-export const appDataPermissions = (): boolean => {
-  try {
-    accessSync(CONFIG_PATH);
-    return true;
-  } catch (err) {
-    return false;
-  }
-};
--- a/server/utils/customProxyAgent.ts
+++ b/server/utils/customProxyAgent.ts
@@ -1,111 +0,0 @@
-import type { ProxySettings } from '@server/lib/settings';
-import logger from '@server/logger';
-import type { Dispatcher } from 'undici';
-import { Agent, ProxyAgent, setGlobalDispatcher } from 'undici';
-
-export default async function createCustomProxyAgent(
-  proxySettings: ProxySettings
-) {
-  const defaultAgent = new Agent();
-
-  const skipUrl = (url: string) => {
-    const hostname = new URL(url).hostname;
-
-    if (proxySettings.bypassLocalAddresses && isLocalAddress(hostname)) {
-      return true;
-    }
-
-    for (const address of proxySettings.bypassFilter.split(',')) {
-      const trimmedAddress = address.trim();
-      if (!trimmedAddress) {
-        continue;
-      }
-
-      if (trimmedAddress.startsWith('*')) {
-        const domain = trimmedAddress.slice(1);
-        if (hostname.endsWith(domain)) {
-          return true;
-        }
-      } else if (hostname === trimmedAddress) {
-        return true;
-      }
-    }
-
-    return false;
-  };
-
-  const noProxyInterceptor = (
-    dispatch: Dispatcher['dispatch']
-  ): Dispatcher['dispatch'] => {
-    return (opts, handler) => {
-      const url = opts.origin?.toString();
-      return url && skipUrl(url)
-        ? defaultAgent.dispatch(opts, handler)
-        : dispatch(opts, handler);
-    };
-  };
-
-  const token =
-    proxySettings.user && proxySettings.password
-      ? `Basic ${Buffer.from(
-          `${proxySettings.user}:${proxySettings.password}`
-        ).toString('base64')}`
-      : undefined;
-
-  try {
-    const proxyAgent = new ProxyAgent({
-      uri:
-        (proxySettings.useSsl ? 'https://' : 'http://') +
-        proxySettings.hostname +
-        ':' +
-        proxySettings.port,
-      token,
-      interceptors: {
-        Client: [noProxyInterceptor],
-      },
-    });
-
-    setGlobalDispatcher(proxyAgent);
-  } catch (e) {
-    logger.error('Failed to connect to the proxy: ' + e.message, {
-      label: 'Proxy',
-    });
-    setGlobalDispatcher(defaultAgent);
-    return;
-  }
-
-  try {
-    const res = await fetch('https://www.google.com', { method: 'HEAD' });
-    if (res.ok) {
-      logger.debug('HTTP(S) proxy connected successfully', { label: 'Proxy' });
-    } else {
-      logger.error('Proxy responded, but with a non-OK status: ' + res.status, {
-        label: 'Proxy',
-      });
-      setGlobalDispatcher(defaultAgent);
-    }
-  } catch (e) {
-    logger.error(
-      'Failed to connect to the proxy: ' + e.message + ': ' + e.cause,
-      { label: 'Proxy' }
-    );
-    setGlobalDispatcher(defaultAgent);
-  }
-}
-
-function isLocalAddress(hostname: string) {
-  if (hostname === 'localhost' || hostname === '127.0.0.1') {
-    return true;
-  }
-
-  const privateIpRanges = [
-    /^10\./, // 10.x.x.x
-    /^172\.(1[6-9]|2[0-9]|3[0-1])\./, // 172.16.x.x - 172.31.x.x
-    /^192\.168\./, // 192.168.x.x
-  ];
-  if (privateIpRanges.some((regex) => regex.test(hostname))) {
-    return true;
-  }
-
-  return false;
-}
--- a/server/utils/restartFlag.ts
+++ b/server/utils/restartFlag.ts
@@ -14,7 +14,7 @@ class RestartFlag {
    return (
      this.settings.csrfProtection !== settings.csrfProtection ||
      this.settings.trustProxy !== settings.trustProxy ||
-      this.settings.proxy.enabled !== settings.proxy.enabled
+      this.settings.cspFrameAncestorDomains !== settings.cspFrameAncestorDomains
    );
  }
 }
--- a/src/components/Blacklist/index.tsx
+++ b/src/components/Blacklist/index.tsx
@@ -268,7 +268,6 @@ const BlacklistedItem = ({ item, revalidateList }: BlacklistedItemProps) => {
      {title && title.backdropPath && (
        <div className="absolute inset-0 z-0 w-full bg-cover bg-center xl:w-2/3">
          <CachedImage
-            type="tmdb"
            src={`https://image.tmdb.org/t/p/w1920_and_h800_multi_faces/${title.backdropPath}`}
            alt=""
            style={{ width: '100%', height: '100%', objectFit: 'cover' }}
@@ -294,7 +293,6 @@ const BlacklistedItem = ({ item, revalidateList }: BlacklistedItemProps) => {
            className="relative h-auto w-12 flex-shrink-0 scale-100 transform-gpu overflow-hidden rounded-md transition duration-300 hover:scale-105"
          >
            <CachedImage
-              type="tmdb"
              src={
                title?.posterPath
                  ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${title.posterPath}`
@@ -357,7 +355,6 @@ const BlacklistedItem = ({ item, revalidateList }: BlacklistedItemProps) => {
                    <Link href={`/users/${item.user.id}`}>
                      <span className="group flex items-center truncate">
                        <CachedImage
-                          type="avatar"
                          src={item.user.avatar}
                          alt=""
                          className="avatar-sm ml-1.5"
--- a/src/components/CollectionDetails/index.tsx
+++ b/src/components/CollectionDetails/index.tsx
@@ -198,7 +198,6 @@ const CollectionDetails = ({ collection }: CollectionDetailsProps) => {
      {data.backdropPath && (
        <div className="media-page-bg-image">
          <CachedImage
-            type="tmdb"
            alt=""
            src={`https://image.tmdb.org/t/p/w1920_and_h800_multi_faces/${data.backdropPath}`}
            style={{ width: '100%', height: '100%', objectFit: 'cover' }}
@@ -229,7 +228,6 @@ const CollectionDetails = ({ collection }: CollectionDetailsProps) => {
      <div className="media-header">
        <div className="media-poster">
          <CachedImage
-            type="tmdb"
            src={
              data.posterPath
                ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.posterPath}`
--- a/src/components/Common/CachedImage/index.tsx
+++ b/src/components/Common/CachedImage/index.tsx
@@ -4,31 +4,24 @@ import Image from 'next/image';

 const imageLoader: ImageLoader = ({ src }) => src;

-export type CachedImageProps = ImageProps & {
-  src: string;
-  type: 'tmdb' | 'avatar';
-};
-
 /**
 * The CachedImage component should be used wherever
 * we want to offer the option to locally cache images.
 **/
-const CachedImage = ({ src, type, ...props }: CachedImageProps) => {
+const CachedImage = ({ src, ...props }: ImageProps) => {
  const { currentSettings } = useSettings();

-  let imageUrl: string;
+  let imageUrl = src;

-  if (type === 'tmdb') {
-    // tmdb stuff
-    imageUrl =
-      currentSettings.cacheImages && !src.startsWith('/')
-        ? src.replace(/^https:\/\/image\.tmdb\.org\//, '/imageproxy/')
-        : src;
-  } else if (type === 'avatar') {
-    // jellyfin avatar (if any)
-    imageUrl = src;
-  } else {
-    return null;
+  if (typeof imageUrl === 'string' && imageUrl.startsWith('http')) {
+    const parsedUrl = new URL(imageUrl);
+
+    if (parsedUrl.host === 'image.tmdb.org') {
+      if (currentSettings.cacheImages)
+        imageUrl = imageUrl.replace('https://image.tmdb.org', '/imageproxy');
+    } else if (parsedUrl.host !== 'gravatar.com') {
+      imageUrl = '/avatarproxy/' + imageUrl;
+    }
  }

  return <Image unoptimized loader={imageLoader} src={imageUrl} {...props} />;
--- a/src/components/Common/ImageFader/index.tsx
+++ b/src/components/Common/ImageFader/index.tsx
@@ -61,7 +61,6 @@ const ImageFader: ForwardRefRenderFunction<HTMLDivElement, ImageFaderProps> = (
          {...props}
        >
          <CachedImage
-            type="tmdb"
            className="absolute inset-0 h-full w-full"
            alt=""
            src={imageUrl}
--- a/src/components/Common/Modal/index.tsx
+++ b/src/components/Common/Modal/index.tsx
@@ -123,7 +123,6 @@ const Modal = React.forwardRef<HTMLDivElement, ModalProps>(
          {backdrop && (
            <div className="absolute top-0 left-0 right-0 z-0 h-64 max-h-full w-full">
              <CachedImage
-                type="tmdb"
                alt=""
                src={backdrop}
                style={{ width: '100%', height: '100%', objectFit: 'cover' }}
--- a/src/components/CompanyCard/index.tsx
+++ b/src/components/CompanyCard/index.tsx
@@ -33,7 +33,6 @@ const CompanyCard = ({ image, url, name }: CompanyCardProps) => {
    >
      <div className="relative h-full w-full">
        <CachedImage
-          type="tmdb"
          src={image}
          alt={name}
          className="relative z-40 h-full w-full"
--- a/src/components/GenreCard/index.tsx
+++ b/src/components/GenreCard/index.tsx
@@ -36,7 +36,6 @@ const GenreCard = ({ image, url, name, canExpand = false }: GenreCardProps) => {
      tabIndex={0}
    >
      <CachedImage
-        type="tmdb"
        src={image}
        alt=""
        style={{ width: '100%', height: '100%', objectFit: 'cover' }}
--- a/src/components/IssueDetails/IssueComment/index.tsx
+++ b/src/components/IssueDetails/IssueComment/index.tsx
@@ -89,8 +89,7 @@ const IssueComment = ({
      </Transition>
      <Link href={isActiveUser ? '/profile' : `/users/${comment.user.id}`}>
        <CachedImage
-          type="avatar"
-          src={comment.user.avatar}
+          src={`${comment.user.avatar}`}
          alt=""
          className="h-10 w-10 scale-100 transform-gpu rounded-full object-cover ring-1 ring-gray-500 transition duration-300 hover:scale-105"
          width={40}
--- a/src/components/IssueDetails/index.tsx
+++ b/src/components/IssueDetails/index.tsx
@@ -217,7 +217,6 @@ const IssueDetails = () => {
      {data.backdropPath && (
        <div className="media-page-bg-image">
          <CachedImage
-            type="tmdb"
            alt=""
            src={`https://image.tmdb.org/t/p/w1920_and_h800_multi_faces/${data.backdropPath}`}
            style={{ width: '100%', height: '100%', objectFit: 'cover' }}
@@ -236,7 +235,6 @@ const IssueDetails = () => {
      <div className="media-header">
        <div className="media-poster">
          <CachedImage
-            type="tmdb"
            src={
              data.posterPath
                ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.posterPath}`
@@ -289,8 +287,7 @@ const IssueDetails = () => {
                  className="group ml-1 inline-flex h-full items-center xl:ml-1.5"
                >
                  <CachedImage
-                    type="avatar"
-                    src={issueData.createdBy.avatar}
+                    src={`${issueData.createdBy.avatar}`}
                    alt=""
                    className="mr-0.5 h-5 w-5 scale-100 transform-gpu rounded-full object-cover transition duration-300 group-hover:scale-105 xl:mr-1 xl:h-6 xl:w-6"
                    width={20}
--- a/src/components/IssueList/IssueItem/index.tsx
+++ b/src/components/IssueList/IssueItem/index.tsx
@@ -112,7 +112,6 @@ const IssueItem = ({ issue }: IssueItemProps) => {
      {title.backdropPath && (
        <div className="absolute inset-0 z-0 w-full bg-cover bg-center xl:w-2/3">
          <CachedImage
-            type="tmdb"
            src={`https://image.tmdb.org/t/p/w1920_and_h800_multi_faces/${title.backdropPath}`}
            alt=""
            style={{ width: '100%', height: '100%', objectFit: 'cover' }}
@@ -138,7 +137,6 @@ const IssueItem = ({ issue }: IssueItemProps) => {
            className="relative h-auto w-12 flex-shrink-0 scale-100 transform-gpu overflow-hidden rounded-md transition duration-300 hover:scale-105"
          >
            <CachedImage
-              type="tmdb"
              src={
                title.posterPath
                  ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${title.posterPath}`
@@ -228,8 +226,7 @@ const IssueItem = ({ issue }: IssueItemProps) => {
                        className="group flex items-center truncate"
                      >
                        <CachedImage
-                          type="avatar"
-                          src={issue.createdBy.avatar}
+                          src={'/avatarproxy/' + issue.createdBy.avatar}
                          alt=""
                          className="avatar-sm ml-1.5 object-cover"
                          width={20}
--- a/src/components/Layout/MobileMenu/index.tsx
+++ b/src/components/Layout/MobileMenu/index.tsx
@@ -7,7 +7,6 @@ import {
  CogIcon,
  EllipsisHorizontalIcon,
  ExclamationTriangleIcon,
-  EyeSlashIcon,
  FilmIcon,
  SparklesIcon,
  TvIcon,
@@ -17,7 +16,6 @@ import {
  ClockIcon as FilledClockIcon,
  CogIcon as FilledCogIcon,
  ExclamationTriangleIcon as FilledExclamationTriangleIcon,
-  EyeSlashIcon as FilledEyeSlashIcon,
  FilmIcon as FilledFilmIcon,
  SparklesIcon as FilledSparklesIcon,
  TvIcon as FilledTvIcon,
@@ -86,18 +84,6 @@ const MobileMenu = () => {
      svgIconSelected: <FilledClockIcon className="h-6 w-6" />,
      activeRegExp: /^\/requests/,
    },
-    {
-      href: '/blacklist',
-      content: intl.formatMessage(menuMessages.blacklist),
-      svgIcon: <EyeSlashIcon className="h-6 w-6" />,
-      svgIconSelected: <FilledEyeSlashIcon className="h-6 w-6" />,
-      activeRegExp: /^\/blacklist/,
-      requiredPermission: [
-        Permission.MANAGE_BLACKLIST,
-        Permission.VIEW_BLACKLIST,
-      ],
-      permissionType: 'or',
-    },
    {
      href: '/issues',
      content: intl.formatMessage(menuMessages.issues),
--- a/src/components/Layout/UserDropdown/index.tsx
+++ b/src/components/Layout/UserDropdown/index.tsx
@@ -57,7 +57,6 @@ const UserDropdown = () => {
          data-testid="user-menu"
        >
          <CachedImage
-            type="avatar"
            className="h-8 w-8 rounded-full object-cover sm:h-10 sm:w-10"
            src={user ? user.avatar : ''}
            alt=""
@@ -81,7 +80,6 @@ const UserDropdown = () => {
            <div className="flex flex-col space-y-4 px-4 py-4">
              <div className="flex items-center space-x-2">
                <CachedImage
-                  type="avatar"
                  className="h-8 w-8 rounded-full object-cover sm:h-10 sm:w-10"
                  src={user ? user.avatar : ''}
                  alt=""
--- a/src/components/ManageSlideOver/index.tsx
+++ b/src/components/ManageSlideOver/index.tsx
@@ -369,7 +369,6 @@ const ManageSlideOver = ({
                                    content={user.displayName}
                                  >
                                    <CachedImage
-                                      type="avatar"
                                      src={user.avatar}
                                      alt={user.displayName}
                                      className="h-8 w-8 scale-100 transform-gpu rounded-full object-cover ring-1 ring-gray-500 transition duration-300 hover:scale-105"
@@ -531,7 +530,6 @@ const ManageSlideOver = ({
                                    content={user.displayName}
                                  >
                                    <CachedImage
-                                      type="avatar"
                                      src={user.avatar}
                                      alt={user.displayName}
                                      className="h-8 w-8 scale-100 transform-gpu rounded-full object-cover ring-1 ring-gray-500 transition duration-300 hover:scale-105"
--- a/src/components/MovieDetails/index.tsx
+++ b/src/components/MovieDetails/index.tsx
@@ -448,7 +448,6 @@ const MovieDetails = ({ movie }: MovieDetailsProps) => {
      {data.backdropPath && (
        <div className="media-page-bg-image">
          <CachedImage
-            type="tmdb"
            alt=""
            src={`https://image.tmdb.org/t/p/w1920_and_h800_multi_faces/${data.backdropPath}`}
            style={{ width: '100%', height: '100%', objectFit: 'cover' }}
@@ -495,7 +494,6 @@ const MovieDetails = ({ movie }: MovieDetailsProps) => {
      <div className="media-header">
        <div className="media-poster">
          <CachedImage
-            type="tmdb"
            src={
              data.posterPath
                ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.posterPath}`
@@ -743,7 +741,6 @@ const MovieDetails = ({ movie }: MovieDetailsProps) => {
                <div className="group relative z-0 scale-100 transform-gpu cursor-pointer overflow-hidden rounded-lg bg-gray-800 bg-cover bg-center shadow-md ring-1 ring-gray-700 transition duration-300 hover:scale-105 hover:ring-gray-500">
                  <div className="absolute inset-0 z-0">
                    <CachedImage
-                      type="tmdb"
                      src={`https://image.tmdb.org/t/p/w1440_and_h320_multi_faces/${data.collection.backdropPath}`}
                      alt=""
                      style={{
--- a/src/components/PersonCard/index.tsx
+++ b/src/components/PersonCard/index.tsx
@@ -51,7 +51,6 @@ const PersonCard = ({
              {profilePath ? (
                <div className="relative h-full w-3/4 overflow-hidden rounded-full ring-1 ring-gray-700">
                  <CachedImage
-                    type="tmdb"
                    src={`https://image.tmdb.org/t/p/w600_and_h900_bestv2${profilePath}`}
                    alt=""
                    style={{
--- a/src/components/PersonDetails/index.tsx
+++ b/src/components/PersonDetails/index.tsx
@@ -227,7 +227,6 @@ const PersonDetails = () => {
        {data.profilePath && (
          <div className="relative mb-6 mr-0 h-36 w-36 flex-shrink-0 overflow-hidden rounded-full ring-1 ring-gray-700 lg:mb-0 lg:mr-6 lg:h-44 lg:w-44">
            <CachedImage
-              type="tmdb"
              src={`https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.profilePath}`}
              alt=""
              style={{ width: '100%', height: '100%', objectFit: 'cover' }}
--- a/src/components/RequestCard/index.tsx
+++ b/src/components/RequestCard/index.tsx
@@ -116,7 +116,6 @@ const RequestCardError = ({ requestData }: RequestCardErrorProps) => {
                    >
                      <span className="avatar-sm">
                        <CachedImage
-                          type="avatar"
                          src={requestData.requestedBy.avatar}
                          alt=""
                          className="avatar-sm object-cover"
@@ -346,7 +345,6 @@ const RequestCard = ({ request, onTitleData }: RequestCardProps) => {
        {title.backdropPath && (
          <div className="absolute inset-0 z-0">
            <CachedImage
-              type="tmdb"
              alt=""
              src={`https://image.tmdb.org/t/p/w1920_and_h800_multi_faces/${title.backdropPath}`}
              style={{ width: '100%', height: '100%', objectFit: 'cover' }}
@@ -392,7 +390,6 @@ const RequestCard = ({ request, onTitleData }: RequestCardProps) => {
              >
                <span className="avatar-sm">
                  <CachedImage
-                    type="avatar"
                    src={requestData.requestedBy.avatar}
                    alt=""
                    className="avatar-sm object-cover"
@@ -605,7 +602,6 @@ const RequestCard = ({ request, onTitleData }: RequestCardProps) => {
          className="w-20 flex-shrink-0 scale-100 transform-gpu cursor-pointer overflow-hidden rounded-md shadow-sm transition duration-300 hover:scale-105 hover:shadow-md sm:w-28"
        >
          <CachedImage
-            type="tmdb"
            src={
              title.posterPath
                ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${title.posterPath}`
--- a/src/components/RequestList/RequestItem/index.tsx
+++ b/src/components/RequestList/RequestItem/index.tsx
@@ -42,7 +42,6 @@ const messages = defineMessages('components.RequestList.RequestItem', {
  tmdbid: 'TMDB ID',
  tvdbid: 'TheTVDB ID',
  unknowntitle: 'Unknown Title',
-  removearr: 'Remove from {arr}',
  profileName: 'Profile',
 });

@@ -191,7 +190,6 @@ const RequestItemError = ({
                          >
                            <span className="avatar-sm ml-1.5">
                              <CachedImage
-                                type="avatar"
                                src={requestData.requestedBy.avatar}
                                alt=""
                                className="avatar-sm object-cover"
@@ -251,7 +249,6 @@ const RequestItemError = ({
                        >
                          <span className="avatar-sm ml-1.5">
                            <CachedImage
-                              type="avatar"
                              src={requestData.modifiedBy.avatar}
                              alt=""
                              className="avatar-sm object-cover"
@@ -344,18 +341,6 @@ const RequestItem = ({ request, revalidateList }: RequestItemProps) => {
    revalidateList();
  };

-  const deleteMediaFile = async () => {
-    if (request.media) {
-      await fetch(`/api/v1/media/${request.media.id}/file`, {
-        method: 'DELETE',
-      });
-      await fetch(`/api/v1/media/${request.media.id}`, {
-        method: 'DELETE',
-      });
-      revalidateList();
-    }
-  };
-
  const retryRequest = async () => {
    setRetrying(true);

@@ -420,7 +405,6 @@ const RequestItem = ({ request, revalidateList }: RequestItemProps) => {
        {title.backdropPath && (
          <div className="absolute inset-0 z-0 w-full bg-cover bg-center xl:w-2/3">
            <CachedImage
-              type="tmdb"
              src={`https://image.tmdb.org/t/p/w1920_and_h800_multi_faces/${title.backdropPath}`}
              alt=""
              style={{ width: '100%', height: '100%', objectFit: 'cover' }}
@@ -446,7 +430,6 @@ const RequestItem = ({ request, revalidateList }: RequestItemProps) => {
              className="relative h-auto w-12 flex-shrink-0 scale-100 transform-gpu overflow-hidden rounded-md transition duration-300 hover:scale-105"
            >
              <CachedImage
-                type="tmdb"
                src={
                  title.posterPath
                    ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${title.posterPath}`
@@ -574,7 +557,6 @@ const RequestItem = ({ request, revalidateList }: RequestItemProps) => {
                        >
                          <span className="avatar-sm ml-1.5">
                            <CachedImage
-                              type="avatar"
                              src={requestData.requestedBy.avatar}
                              alt=""
                              className="avatar-sm object-cover"
@@ -634,8 +616,7 @@ const RequestItem = ({ request, revalidateList }: RequestItemProps) => {
                      >
                        <span className="avatar-sm ml-1.5">
                          <CachedImage
-                            type="avatar"
-                            src={requestData.modifiedBy.avatar}
+                            src={requestData.requestedBy.avatar}
                            alt=""
                            className="avatar-sm object-cover"
                            width={20}
@@ -685,28 +666,14 @@ const RequestItem = ({ request, revalidateList }: RequestItemProps) => {
            )}
          {requestData.status !== MediaRequestStatus.PENDING &&
            hasPermission(Permission.MANAGE_REQUESTS) && (
-              <>
-                <ConfirmButton
-                  onClick={() => deleteRequest()}
-                  confirmText={intl.formatMessage(globalMessages.areyousure)}
-                  className="w-full"
-                >
-                  <TrashIcon />
-                  <span>{intl.formatMessage(messages.deleterequest)}</span>
-                </ConfirmButton>
-                <ConfirmButton
-                  onClick={() => deleteMediaFile()}
-                  confirmText={intl.formatMessage(globalMessages.areyousure)}
-                  className="w-full"
-                >
-                  <TrashIcon />
-                  <span>
-                    {intl.formatMessage(messages.removearr, {
-                      arr: request.type === 'movie' ? 'Radarr' : 'Sonarr',
-                    })}
-                  </span>
-                </ConfirmButton>
-              </>
+              <ConfirmButton
+                onClick={() => deleteRequest()}
+                confirmText={intl.formatMessage(globalMessages.areyousure)}
+                className="w-full"
+              >
+                <TrashIcon />
+                <span>{intl.formatMessage(messages.deleterequest)}</span>
+              </ConfirmButton>
            )}
          {requestData.status === MediaRequestStatus.PENDING &&
            hasPermission(Permission.MANAGE_REQUESTS) && (
--- a/src/components/RequestModal/AdvancedRequester/index.tsx
+++ b/src/components/RequestModal/AdvancedRequester/index.tsx
@@ -562,7 +562,6 @@ const AdvancedRequester = ({
                      <Listbox.Button className="focus:shadow-outline-blue relative w-full cursor-default rounded-md border border-gray-700 bg-gray-800 py-2 pl-3 pr-10 text-left text-white transition duration-150 ease-in-out focus:border-blue-300 focus:outline-none sm:text-sm sm:leading-5">
                        <span className="flex items-center">
                          <CachedImage
-                            type="avatar"
                            src={selectedUser.avatar}
                            alt=""
                            className="h-6 w-6 flex-shrink-0 rounded-full object-cover"
@@ -615,7 +614,6 @@ const AdvancedRequester = ({
                                  } flex items-center`}
                                >
                                  <CachedImage
-                                    type="avatar"
                                    src={user.avatar}
                                    alt=""
                                    className="h-6 w-6 flex-shrink-0 rounded-full object-cover"
--- a/src/components/RequestModal/CollectionRequestModal.tsx
+++ b/src/components/RequestModal/CollectionRequestModal.tsx
@@ -437,7 +437,6 @@ const CollectionRequestModal = ({
                          >
                            <div className="relative h-auto w-10 flex-shrink-0 overflow-hidden rounded-md">
                              <CachedImage
-                                type="tmdb"
                                src={
                                  part.posterPath
                                    ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${part.posterPath}`
--- a/src/components/Selector/index.tsx
+++ b/src/components/Selector/index.tsx
@@ -452,7 +452,6 @@ export const WatchProviderSelector = ({
                    tabIndex={0}
                  >
                    <CachedImage
-                      type="tmdb"
                      src={`https://image.tmdb.org/t/p/original${provider.logoPath}`}
                      alt=""
                      style={{
@@ -498,7 +497,6 @@ export const WatchProviderSelector = ({
                      tabIndex={0}
                    >
                      <CachedImage
-                        type="tmdb"
                        src={`https://image.tmdb.org/t/p/original${provider.logoPath}`}
                        alt=""
                        style={{
--- a/src/components/Settings/SettingsMain/index.tsx
+++ b/src/components/Settings/SettingsMain/index.tsx
@@ -44,6 +44,9 @@ const messages = defineMessages('components.Settings.SettingsMain', {
  csrfProtectionTip: 'Set external API access to read-only (requires HTTPS)',
  csrfProtectionHoverTip:
    'Do NOT enable this setting unless you understand what you are doing!',
+  cspFrameAncestorDomains: 'Frame-Ancestor Domains',
+  cspFrameAncestorDomainsTip:
+    'Domains to allow embedding Jellyseer as iframe, object or embed. Incompatible with CSRF-Protection',
  cacheImages: 'Enable Image Caching',
  cacheImagesTip:
    'Cache externally sourced images (requires a significant amount of disk space)',
@@ -55,17 +58,6 @@ const messages = defineMessages('components.Settings.SettingsMain', {
  validationApplicationUrlTrailingSlash: 'URL must not end in a trailing slash',
  partialRequestsEnabled: 'Allow Partial Series Requests',
  locale: 'Display Language',
-  proxyEnabled: 'HTTP(S) Proxy',
-  proxyHostname: 'Proxy Hostname',
-  proxyPort: 'Proxy Port',
-  proxySsl: 'Use SSL For Proxy',
-  proxyUser: 'Proxy Username',
-  proxyPassword: 'Proxy Password',
-  proxyBypassFilter: 'Proxy Ignored Addresses',
-  proxyBypassFilterTip:
-    "Use ',' as a separator, and '*.' as a wildcard for subdomains",
-  proxyBypassLocalAddresses: 'Bypass Proxy for Local Addresses',
-  validationProxyPort: 'You must provide a valid port',
 });

 const SettingsMain = () => {
@@ -93,12 +85,6 @@ const SettingsMain = () => {
        intl.formatMessage(messages.validationApplicationUrlTrailingSlash),
        (value) => !value || !value.endsWith('/')
      ),
-    proxyPort: Yup.number().when('proxyEnabled', {
-      is: (proxyEnabled: boolean) => proxyEnabled,
-      then: Yup.number().required(
-        intl.formatMessage(messages.validationProxyPort)
-      ),
-    }),
  });

  const regenerate = async () => {
@@ -147,6 +133,7 @@ const SettingsMain = () => {
            applicationTitle: data?.applicationTitle,
            applicationUrl: data?.applicationUrl,
            csrfProtection: data?.csrfProtection,
+            cspFrameAncestorDomains: data?.cspFrameAncestorDomains,
            hideAvailable: data?.hideAvailable,
            locale: data?.locale ?? 'en',
            region: data?.region,
@@ -154,14 +141,6 @@ const SettingsMain = () => {
            partialRequestsEnabled: data?.partialRequestsEnabled,
            trustProxy: data?.trustProxy,
            cacheImages: data?.cacheImages,
-            proxyEnabled: data?.proxy?.enabled,
-            proxyHostname: data?.proxy?.hostname,
-            proxyPort: data?.proxy?.port,
-            proxySsl: data?.proxy?.useSsl,
-            proxyUser: data?.proxy?.user,
-            proxyPassword: data?.proxy?.password,
-            proxyBypassFilter: data?.proxy?.bypassFilter,
-            proxyBypassLocalAddresses: data?.proxy?.bypassLocalAddresses,
          }}
          enableReinitialize
          validationSchema={MainSettingsSchema}
@@ -176,6 +155,7 @@ const SettingsMain = () => {
                  applicationTitle: values.applicationTitle,
                  applicationUrl: values.applicationUrl,
                  csrfProtection: values.csrfProtection,
+                  cspFrameAncestorDomains: values.cspFrameAncestorDomains,
                  hideAvailable: values.hideAvailable,
                  locale: values.locale,
                  region: values.region,
@@ -183,16 +163,6 @@ const SettingsMain = () => {
                  partialRequestsEnabled: values.partialRequestsEnabled,
                  trustProxy: values.trustProxy,
                  cacheImages: values.cacheImages,
-                  proxy: {
-                    enabled: values.proxyEnabled,
-                    hostname: values.proxyHostname,
-                    port: values.proxyPort,
-                    useSsl: values.proxySsl,
-                    user: values.proxyUser,
-                    password: values.proxyPassword,
-                    bypassFilter: values.proxyBypassFilter,
-                    bypassLocalAddresses: values.proxyBypassLocalAddresses,
-                  },
                }),
              });
              if (!res.ok) throw new Error();
@@ -353,6 +323,31 @@ const SettingsMain = () => {
                    </Tooltip>
                  </div>
                </div>
+                <div className="form-row">
+                  <label
+                    htmlFor="cspFrameAncestorDomains"
+                    className="text-label"
+                  >
+                    <span className="mr-2">
+                      {intl.formatMessage(messages.cspFrameAncestorDomains)}
+                    </span>
+                    <SettingsBadge badgeType="advanced" className="mr-2" />
+                    <SettingsBadge badgeType="restartRequired" />
+                    <span className="label-tip">
+                      {intl.formatMessage(messages.cspFrameAncestorDomainsTip)}
+                    </span>
+                  </label>
+                  <div className="form-input-area">
+                    <div className="form-input-field">
+                      <Field
+                        id="cspFrameAncestorDomains"
+                        name="cspFrameAncestorDomains"
+                        type="text"
+                        disabled={values.csrfProtection}
+                      />
+                    </div>
+                  </div>
+                </div>
                <div className="form-row">
                  <label htmlFor="cacheImages" className="checkbox-label">
                    <span className="mr-2">
@@ -472,176 +467,6 @@ const SettingsMain = () => {
                    />
                  </div>
                </div>
-                <div className="form-row">
-                  <label htmlFor="proxyEnabled" className="checkbox-label">
-                    <span className="mr-2">
-                      {intl.formatMessage(messages.proxyEnabled)}
-                    </span>
-                    <SettingsBadge badgeType="advanced" className="mr-2" />
-                    <SettingsBadge badgeType="restartRequired" />
-                  </label>
-                  <div className="form-input-area">
-                    <Field
-                      type="checkbox"
-                      id="proxyEnabled"
-                      name="proxyEnabled"
-                      onChange={() => {
-                        setFieldValue('proxyEnabled', !values.proxyEnabled);
-                      }}
-                    />
-                  </div>
-                </div>
-                {values.proxyEnabled && (
-                  <>
-                    <div className="form-row">
-                      <label htmlFor="proxyHostname" className="checkbox-label">
-                        <span className="mr-2 ml-4">
-                          {intl.formatMessage(messages.proxyHostname)}
-                        </span>
-                      </label>
-                      <div className="form-input-area">
-                        <div className="form-input-field">
-                          <Field
-                            id="proxyHostname"
-                            name="proxyHostname"
-                            type="text"
-                          />
-                        </div>
-                        {errors.proxyHostname &&
-                          touched.proxyHostname &&
-                          typeof errors.proxyHostname === 'string' && (
-                            <div className="error">{errors.proxyHostname}</div>
-                          )}
-                      </div>
-                    </div>
-                    <div className="form-row">
-                      <label htmlFor="proxyPort" className="checkbox-label">
-                        <span className="mr-2 ml-4">
-                          {intl.formatMessage(messages.proxyPort)}
-                        </span>
-                      </label>
-                      <div className="form-input-area">
-                        <div className="form-input-field">
-                          <Field id="proxyPort" name="proxyPort" type="text" />
-                        </div>
-                        {errors.proxyPort &&
-                          touched.proxyPort &&
-                          typeof errors.proxyPort === 'string' && (
-                            <div className="error">{errors.proxyPort}</div>
-                          )}
-                      </div>
-                    </div>
-                    <div className="form-row">
-                      <label htmlFor="proxySsl" className="checkbox-label">
-                        <span className="mr-2 ml-4">
-                          {intl.formatMessage(messages.proxySsl)}
-                        </span>
-                      </label>
-                      <div className="form-input-area">
-                        <Field
-                          type="checkbox"
-                          id="proxySsl"
-                          name="proxySsl"
-                          onChange={() => {
-                            setFieldValue('proxySsl', !values.proxySsl);
-                          }}
-                        />
-                      </div>
-                    </div>
-                    <div className="form-row">
-                      <label htmlFor="proxyUser" className="checkbox-label">
-                        <span className="mr-2 ml-4">
-                          {intl.formatMessage(messages.proxyUser)}
-                        </span>
-                      </label>
-                      <div className="form-input-area">
-                        <div className="form-input-field">
-                          <Field id="proxyUser" name="proxyUser" type="text" />
-                        </div>
-                        {errors.proxyUser &&
-                          touched.proxyUser &&
-                          typeof errors.proxyUser === 'string' && (
-                            <div className="error">{errors.proxyUser}</div>
-                          )}
-                      </div>
-                    </div>
-                    <div className="form-row">
-                      <label htmlFor="proxyPassword" className="checkbox-label">
-                        <span className="mr-2 ml-4">
-                          {intl.formatMessage(messages.proxyPassword)}
-                        </span>
-                      </label>
-                      <div className="form-input-area">
-                        <div className="form-input-field">
-                          <Field
-                            id="proxyPassword"
-                            name="proxyPassword"
-                            type="password"
-                          />
-                        </div>
-                        {errors.proxyPassword &&
-                          touched.proxyPassword &&
-                          typeof errors.proxyPassword === 'string' && (
-                            <div className="error">{errors.proxyPassword}</div>
-                          )}
-                      </div>
-                    </div>
-                    <div className="form-row">
-                      <label
-                        htmlFor="proxyBypassFilter"
-                        className="checkbox-label"
-                      >
-                        <span className="mr-2 ml-4">
-                          {intl.formatMessage(messages.proxyBypassFilter)}
-                        </span>
-                        <span className="label-tip ml-4">
-                          {intl.formatMessage(messages.proxyBypassFilterTip)}
-                        </span>
-                      </label>
-                      <div className="form-input-area">
-                        <div className="form-input-field">
-                          <Field
-                            id="proxyBypassFilter"
-                            name="proxyBypassFilter"
-                            type="text"
-                          />
-                        </div>
-                        {errors.proxyBypassFilter &&
-                          touched.proxyBypassFilter &&
-                          typeof errors.proxyBypassFilter === 'string' && (
-                            <div className="error">
-                              {errors.proxyBypassFilter}
-                            </div>
-                          )}
-                      </div>
-                    </div>
-                    <div className="form-row">
-                      <label
-                        htmlFor="proxyBypassLocalAddresses"
-                        className="checkbox-label"
-                      >
-                        <span className="mr-2 ml-4">
-                          {intl.formatMessage(
-                            messages.proxyBypassLocalAddresses
-                          )}
-                        </span>
-                      </label>
-                      <div className="form-input-area">
-                        <Field
-                          type="checkbox"
-                          id="proxyBypassLocalAddresses"
-                          name="proxyBypassLocalAddresses"
-                          onChange={() => {
-                            setFieldValue(
-                              'proxyBypassLocalAddresses',
-                              !values.proxyBypassLocalAddresses
-                            );
-                          }}
-                        />
-                      </div>
-                    </div>
-                  </>
-                )}
                <div className="actions">
                  <div className="flex justify-end">
                    <span className="ml-3 inline-flex rounded-md shadow-sm">
--- a/src/components/Settings/SonarrModal/index.tsx
+++ b/src/components/Settings/SonarrModal/index.tsx
@@ -86,12 +86,10 @@ interface TestResponse {
    id: number;
    path: string;
  }[];
-  languageProfiles:
-    | {
-        id: number;
-        name: string;
-      }[]
-    | null;
+  languageProfiles: {
+    id: number;
+    name: string;
+  }[];
  tags: {
    id: number;
    label: string;
@@ -114,7 +112,7 @@ const SonarrModal = ({ onClose, sonarr, onSave }: SonarrModalProps) => {
  const [testResponse, setTestResponse] = useState<TestResponse>({
    profiles: [],
    rootFolders: [],
-    languageProfiles: null,
+    languageProfiles: [],
    tags: [],
  });
  const SonarrSettingsSchema = Yup.object().shape({
@@ -139,11 +137,9 @@ const SonarrModal = ({ onClose, sonarr, onSave }: SonarrModalProps) => {
    activeProfileId: Yup.string().required(
      intl.formatMessage(messages.validationProfileRequired)
    ),
-    activeLanguageProfileId: testResponse.languageProfiles
-      ? Yup.number().required(
-          intl.formatMessage(messages.validationLanguageProfileRequired)
-        )
-      : Yup.number(),
+    activeLanguageProfileId: Yup.number().required(
+      intl.formatMessage(messages.validationLanguageProfileRequired)
+    ),
    externalUrl: Yup.string()
      .url(intl.formatMessage(messages.validationApplicationUrl))
      .test(
@@ -662,56 +658,54 @@ const SonarrModal = ({ onClose, sonarr, onSave }: SonarrModalProps) => {
                      )}
                  </div>
                </div>
-                {testResponse.languageProfiles && (
-                  <div className="form-row">
-                    <label
-                      htmlFor="activeLanguageProfileId"
-                      className="text-label"
-                    >
-                      {intl.formatMessage(messages.languageprofile)}
-                      <span className="label-required">*</span>
-                    </label>
-                    <div className="form-input-area">
-                      <div className="form-input-field">
-                        <Field
-                          as="select"
-                          id="activeLanguageProfileId"
-                          name="activeLanguageProfileId"
-                          disabled={!isValidated || isTesting}
-                        >
-                          <option value="">
-                            {isTesting
-                              ? intl.formatMessage(
-                                  messages.loadinglanguageprofiles
-                                )
-                              : !isValidated
-                              ? intl.formatMessage(
-                                  messages.testFirstLanguageProfiles
-                                )
-                              : intl.formatMessage(
-                                  messages.selectLanguageProfile
-                                )}
-                          </option>
-                          {testResponse.languageProfiles.length > 0 &&
-                            testResponse.languageProfiles.map((language) => (
-                              <option
-                                key={`loaded-profile-${language.id}`}
-                                value={language.id}
-                              >
-                                {language.name}
-                              </option>
-                            ))}
-                        </Field>
-                      </div>
-                      {errors.activeLanguageProfileId &&
-                        touched.activeLanguageProfileId && (
-                          <div className="error">
-                            {errors.activeLanguageProfileId}
-                          </div>
-                        )}
+                <div className="form-row">
+                  <label
+                    htmlFor="activeLanguageProfileId"
+                    className="text-label"
+                  >
+                    {intl.formatMessage(messages.languageprofile)}
+                    <span className="label-required">*</span>
+                  </label>
+                  <div className="form-input-area">
+                    <div className="form-input-field">
+                      <Field
+                        as="select"
+                        id="activeLanguageProfileId"
+                        name="activeLanguageProfileId"
+                        disabled={!isValidated || isTesting}
+                      >
+                        <option value="">
+                          {isTesting
+                            ? intl.formatMessage(
+                                messages.loadinglanguageprofiles
+                              )
+                            : !isValidated
+                            ? intl.formatMessage(
+                                messages.testFirstLanguageProfiles
+                              )
+                            : intl.formatMessage(
+                                messages.selectLanguageProfile
+                              )}
+                        </option>
+                        {testResponse.languageProfiles.length > 0 &&
+                          testResponse.languageProfiles.map((language) => (
+                            <option
+                              key={`loaded-profile-${language.id}`}
+                              value={language.id}
+                            >
+                              {language.name}
+                            </option>
+                          ))}
+                      </Field>
                    </div>
+                    {errors.activeLanguageProfileId &&
+                      touched.activeLanguageProfileId && (
+                        <div className="error">
+                          {errors.activeLanguageProfileId}
+                        </div>
+                      )}
                  </div>
-                )}
+                </div>
                <div className="form-row">
                  <label htmlFor="tags" className="text-label">
                    {intl.formatMessage(messages.tags)}
@@ -869,55 +863,53 @@ const SonarrModal = ({ onClose, sonarr, onSave }: SonarrModalProps) => {
                      )}
                  </div>
                </div>
-                {testResponse.languageProfiles && (
-                  <div className="form-row">
-                    <label
-                      htmlFor="activeAnimeLanguageProfileId"
-                      className="text-label"
-                    >
-                      {intl.formatMessage(messages.animelanguageprofile)}
-                    </label>
-                    <div className="form-input-area">
-                      <div className="form-input-field">
-                        <Field
-                          as="select"
-                          id="activeAnimeLanguageProfileId"
-                          name="activeAnimeLanguageProfileId"
-                          disabled={!isValidated || isTesting}
-                        >
-                          <option value="">
-                            {isTesting
-                              ? intl.formatMessage(
-                                  messages.loadinglanguageprofiles
-                                )
-                              : !isValidated
-                              ? intl.formatMessage(
-                                  messages.testFirstLanguageProfiles
-                                )
-                              : intl.formatMessage(
-                                  messages.selectLanguageProfile
-                                )}
-                          </option>
-                          {testResponse.languageProfiles.length > 0 &&
-                            testResponse.languageProfiles.map((language) => (
-                              <option
-                                key={`loaded-profile-${language.id}`}
-                                value={language.id}
-                              >
-                                {language.name}
-                              </option>
-                            ))}
-                        </Field>
-                      </div>
-                      {errors.activeAnimeLanguageProfileId &&
-                        touched.activeAnimeLanguageProfileId && (
-                          <div className="error">
-                            {errors.activeAnimeLanguageProfileId}
-                          </div>
-                        )}
+                <div className="form-row">
+                  <label
+                    htmlFor="activeAnimeLanguageProfileId"
+                    className="text-label"
+                  >
+                    {intl.formatMessage(messages.animelanguageprofile)}
+                  </label>
+                  <div className="form-input-area">
+                    <div className="form-input-field">
+                      <Field
+                        as="select"
+                        id="activeAnimeLanguageProfileId"
+                        name="activeAnimeLanguageProfileId"
+                        disabled={!isValidated || isTesting}
+                      >
+                        <option value="">
+                          {isTesting
+                            ? intl.formatMessage(
+                                messages.loadinglanguageprofiles
+                              )
+                            : !isValidated
+                            ? intl.formatMessage(
+                                messages.testFirstLanguageProfiles
+                              )
+                            : intl.formatMessage(
+                                messages.selectLanguageProfile
+                              )}
+                        </option>
+                        {testResponse.languageProfiles.length > 0 &&
+                          testResponse.languageProfiles.map((language) => (
+                            <option
+                              key={`loaded-profile-${language.id}`}
+                              value={language.id}
+                            >
+                              {language.name}
+                            </option>
+                          ))}
+                      </Field>
                    </div>
+                    {errors.activeAnimeLanguageProfileId &&
+                      touched.activeAnimeLanguageProfileId && (
+                        <div className="error">
+                          {errors.activeAnimeLanguageProfileId}
+                        </div>
+                      )}
                  </div>
-                )}
+                </div>
                <div className="form-row">
                  <label htmlFor="tags" className="text-label">
                    {intl.formatMessage(messages.animeTags)}
--- a/src/components/TitleCard/index.tsx
+++ b/src/components/TitleCard/index.tsx
@@ -346,7 +346,6 @@ const TitleCard = ({
      >
        <div className="absolute inset-0 h-full w-full overflow-hidden">
          <CachedImage
-            type="tmdb"
            className="absolute inset-0 h-full w-full"
            alt=""
            src={
--- a/src/components/TvDetails/index.tsx
+++ b/src/components/TvDetails/index.tsx
@@ -471,7 +471,6 @@ const TvDetails = ({ tv }: TvDetailsProps) => {
      {data.backdropPath && (
        <div className="media-page-bg-image">
          <CachedImage
-            type="tmdb"
            alt=""
            src={`https://image.tmdb.org/t/p/w1920_and_h800_multi_faces/${data.backdropPath}`}
            style={{ width: '100%', height: '100%', objectFit: 'cover' }}
@@ -528,7 +527,6 @@ const TvDetails = ({ tv }: TvDetailsProps) => {
      <div className="media-header">
        <div className="media-poster">
          <CachedImage
-            type="tmdb"
            src={
              data.posterPath
                ? `https://image.tmdb.org/t/p/w600_and_h900_bestv2${data.posterPath}`
--- a/src/components/UserList/JellyfinImportModal.tsx
+++ b/src/components/UserList/JellyfinImportModal.tsx
@@ -250,7 +250,6 @@ const JellyfinImportModal: React.FC<JellyfinImportProps> = ({
                            <td className="whitespace-nowrap px-1 py-4 text-sm font-medium leading-5 text-gray-100 md:px-6">
                              <div className="flex items-center">
                                <CachedImage
-                                  type="avatar"
                                  className="h-10 w-10 flex-shrink-0 rounded-full"
                                  src={user.thumb}
                                  alt=""
--- a/src/components/UserList/index.tsx
+++ b/src/components/UserList/index.tsx
@@ -634,7 +634,6 @@ const UserList = () => {
                    className="h-10 w-10 flex-shrink-0"
                  >
                    <CachedImage
-                      type="avatar"
                      className="h-10 w-10 rounded-full object-cover"
                      src={user.avatar}
                      alt=""
--- a/src/components/UserProfile/ProfileHeader/index.tsx
+++ b/src/components/UserProfile/ProfileHeader/index.tsx
@@ -43,7 +43,6 @@ const ProfileHeader = ({ user, isSettingsPage }: ProfileHeaderProps) => {
        <div className="flex-shrink-0">
          <div className="relative">
            <CachedImage
-              type="avatar"
              className="h-24 w-24 rounded-full bg-gray-600 object-cover ring-1 ring-gray-700"
              src={user.avatar}
              alt=""
--- a/src/i18n/locale/en.json
+++ b/src/i18n/locale/en.json
@@ -298,7 +298,6 @@
  "components.ManageSlideOver.plays": "<strong>{playCount, number}</strong> {playCount, plural, one {play} other {plays}}",
  "components.ManageSlideOver.removearr": "Remove from {arr}",
  "components.ManageSlideOver.removearr4k": "Remove from 4K {arr}",
-  "components.RequestList.RequestItem.removearr": "Remove from {arr}",
  "components.ManageSlideOver.tvshow": "series",
  "components.MediaSlider.ShowMoreCard.seemore": "See More",
  "components.MovieDetails.MovieCast.fullcast": "Full Cast",
@@ -874,6 +873,8 @@
  "components.Settings.SettingsMain.applicationurl": "Application URL",
  "components.Settings.SettingsMain.cacheImages": "Enable Image Caching",
  "components.Settings.SettingsMain.cacheImagesTip": "Cache externally sourced images (requires a significant amount of disk space)",
+  "components.Settings.SettingsMain.cspFrameAncestorDomains": "Frame-Ancestor Domains",
+  "components.Settings.SettingsMain.cspFrameAncestorDomainsTip": "Domains to allow embedding Jellyseer as iframe, object or embed. Incompatible with CSRF-Protection",
  "components.Settings.SettingsMain.csrfProtection": "Enable CSRF Protection",
  "components.Settings.SettingsMain.csrfProtectionHoverTip": "Do NOT enable this setting unless you understand what you are doing!",
  "components.Settings.SettingsMain.csrfProtectionTip": "Set external API access to read-only (requires HTTPS)",
@@ -1084,7 +1085,7 @@
  "components.Setup.finishing": "Finishing…",
  "components.Setup.servertype": "Choose Server Type",
  "components.Setup.setup": "Setup",
-  "components.Setup.signin": "Sign in to your account",
+  "components.Setup.signin": "Sign In",
  "components.Setup.signinMessage": "Get started by signing in",
  "components.Setup.signinWithEmby": "Enter your Emby details",
  "components.Setup.signinWithJellyfin": "Enter your Jellyfin details",
--- a/src/pages/_app.tsx
+++ b/src/pages/_app.tsx
@@ -12,17 +12,18 @@ import { SettingsProvider } from '@app/context/SettingsContext';
 import { UserContext } from '@app/context/UserContext';
 import type { User } from '@app/hooks/useUser';
 import '@app/styles/globals.css';
-import '@app/utils/fetchOverride';
 import { polyfillIntl } from '@app/utils/polyfillIntl';
 import { MediaServerType } from '@server/constants/server';
 import type { PublicSettingsResponse } from '@server/interfaces/api/settingsInterfaces';
 import type { AppInitialProps, AppProps } from 'next/app';
 import App from 'next/app';
+import { Inter } from 'next/font/google';
 import Head from 'next/head';
 import { useEffect, useState } from 'react';
 import { IntlProvider } from 'react-intl';
 import { ToastProvider } from 'react-toast-notifications';
 import { SWRConfig } from 'swr';
+const inter = Inter({ subsets: ['latin'] });

 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 const loadLocaleData = (locale: AvailableLocale): Promise<any> => {
@@ -137,47 +138,49 @@ const CoreApp: Omit<NextAppComponentType, 'origGetInitialProps'> = ({
  }

  return (
-    <SWRConfig
-      value={{
-        fetcher: async (resource, init) => {
-          const res = await fetch(resource, init);
-          if (!res.ok) throw new Error();
-          return await res.json();
-        },
-        fallback: {
-          '/api/v1/auth/me': user,
-        },
-      }}
-    >
-      <LanguageContext.Provider value={{ locale: currentLocale, setLocale }}>
-        <IntlProvider
-          locale={currentLocale}
-          defaultLocale="en"
-          messages={loadedMessages}
-        >
-          <LoadingBar />
-          <SettingsProvider currentSettings={currentSettings}>
-            <InteractionProvider>
-              <ToastProvider components={{ Toast, ToastContainer }}>
-                <Head>
-                  <title>{currentSettings.applicationTitle}</title>
-                  <meta
-                    name="viewport"
-                    content="initial-scale=1, viewport-fit=cover, width=device-width"
-                  ></meta>
-                  <PWAHeader
-                    applicationTitle={currentSettings.applicationTitle}
-                  />
-                </Head>
-                <StatusChecker />
-                <ServiceWorkerSetup />
-                <UserContext initialUser={user}>{component}</UserContext>
-              </ToastProvider>
-            </InteractionProvider>
-          </SettingsProvider>
-        </IntlProvider>
-      </LanguageContext.Provider>
-    </SWRConfig>
+    <main className={inter.className}>
+      <SWRConfig
+        value={{
+          fetcher: async (resource, init) => {
+            const res = await fetch(resource, init);
+            if (!res.ok) throw new Error();
+            return await res.json();
+          },
+          fallback: {
+            '/api/v1/auth/me': user,
+          },
+        }}
+      >
+        <LanguageContext.Provider value={{ locale: currentLocale, setLocale }}>
+          <IntlProvider
+            locale={currentLocale}
+            defaultLocale="en"
+            messages={loadedMessages}
+          >
+            <LoadingBar />
+            <SettingsProvider currentSettings={currentSettings}>
+              <InteractionProvider>
+                <ToastProvider components={{ Toast, ToastContainer }}>
+                  <Head>
+                    <title>{currentSettings.applicationTitle}</title>
+                    <meta
+                      name="viewport"
+                      content="initial-scale=1, viewport-fit=cover, width=device-width"
+                    ></meta>
+                    <PWAHeader
+                      applicationTitle={currentSettings.applicationTitle}
+                    />
+                  </Head>
+                  <StatusChecker />
+                  <ServiceWorkerSetup />
+                  <UserContext initialUser={user}>{component}</UserContext>
+                </ToastProvider>
+              </InteractionProvider>
+            </SettingsProvider>
+          </IntlProvider>
+        </LanguageContext.Provider>
+      </SWRConfig>
+    </main>
  );
 };

--- a/src/pages/_document.tsx
+++ b/src/pages/_document.tsx
@@ -13,13 +13,7 @@ class MyDocument extends Document {
  render(): JSX.Element {
    return (
      <Html>
-        <Head>
-          <link rel="preconnect" href="https://fonts.gstatic.com" />
-          <link
-            rel="stylesheet"
-            href="https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap"
-          />
-        </Head>
+        <Head></Head>
        <body>
          <Main />
          <NextScript />
--- a/src/styles/globals.css
+++ b/src/styles/globals.css
@@ -53,6 +53,10 @@
 }

@layer components {
+  *:disabled {
+    opacity: 0.7;
+  }
+
  .searchbar {
    padding-top: env(safe-area-inset-top);
    height: calc(4rem + env(safe-area-inset-top));
--- a/src/utils/fetchOverride.ts
+++ b/src/utils/fetchOverride.ts
@@ -1,46 +0,0 @@
-const getCsrfToken = (): string | null => {
-  if (typeof window !== 'undefined') {
-    const match = document.cookie.match(/XSRF-TOKEN=([^;]+)/);
-    return match ? decodeURIComponent(match[1]) : null;
-  }
-  return null;
-};
-
-const isSameOrigin = (url: RequestInfo | URL): boolean => {
-  const parsedUrl = new URL(
-    url instanceof Request ? url.url : url.toString(),
-    window.location.origin
-  );
-  return parsedUrl.origin === window.location.origin;
-};
-
-// We are using a custom fetch implementation to add the X-XSRF-TOKEN heade
-// to all requests. This is required when CSRF protection is enabled.
-if (typeof window !== 'undefined') {
-  const originalFetch: typeof fetch = window.fetch;
-
-  (window as typeof globalThis).fetch = async (
-    input: RequestInfo | URL,
-    init?: RequestInit
-  ): Promise<Response> => {
-    if (!isSameOrigin(input)) {
-      return originalFetch(input, init);
-    }
-
-    const csrfToken = getCsrfToken();
-
-    const headers = {
-      ...(init?.headers || {}),
-      ...(csrfToken ? { 'XSRF-TOKEN': csrfToken } : {}),
-    };
-
-    const newInit: RequestInit = {
-      ...init,
-      headers,
-    };
-
-    return originalFetch(input, newInit);
-  };
-}
-
-export {};