CaseMark routes document previews back through Mike

kveton patches a production PDF viewer that was failing because the browser was being sent to a different origin to fetch files.

securityinfrastructure

Document previews in this fork now load through the main app instead of redirecting the browser to a separate storage URL. In production, that redirect path was breaking - users were seeing "Failed to load document" when trying to view PDFs, Word files, and the like. Keeping the request on the app's own origin fixes the failure and, just as importantly, keeps the app's own permissions in charge of who can see what, rather than handing that decision to the storage layer.

The same change quietly cleaned up a bug in the account settings screen, where a still-loading profile was being shown as if the user had no API key configured. It went out as a hotfix - opened, reviewed, and merged inside a quarter of an hour.

So what Anyone running Mike in production should note this: cross-origin storage links are a fragile place to keep your access-control boundary, and CaseMark just moved theirs back to where it belongs.

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

2 commits from CaseMark/mikeoss-casedotdev, oldest first. Source extracted verbatim from the harvested git log.

SHA	Subject	Author	Date
`96ee1a64`	Avoid false missing key state during profile load	kveton	2026-05-04	↗ GitHub
`8b7e3e0a`	Proxy Case document display bytes	kveton	2026-05-04	↗ GitHub

SHA

Subject

Author

Date

96ee1a64

Avoid false missing key state during profile load

kveton

2026-05-04

↗ GitHub

8b7e3e0a

Proxy Case document display bytes

kveton

2026-05-04

↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-284.md from inside the repo you want the changes in.