MikeWatch Forks of the Mike legal-AI codebase, distilled for legal-tech readers
Home · CaseMark/mikeoss-casedotdev · this thread

CaseMark stops handing document URLs to the browser

A small but meaningful security upgrade to how privileged documents reach the user.

securityinfrastructure

Until now, opening a PDF or Word file in CaseMark's fork meant the browser was sent a short-lived signed link straight to the underlying cloud storage. The team rewired this so the backend fetches the file itself and streams the bytes down to the user, with the right content-type headers and an instruction not to cache. The storage URLs and the API keys behind them never touch the browser, and authentication stays consolidated at a single backend boundary.

A smaller second tweak: the settings page now loads its various account-status checks in parallel behind a spinner, so users no longer briefly flash a misleading "missing key" warning while their profile is still loading.

So what Anyone building a product that lets users view privileged documents stored in third-party cloud storage should study this pattern - it removes an entire class of leaked-link bugs.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

3 commits from CaseMark/mikeoss-casedotdev, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
96ee1a64 Avoid false missing key state during profile load kveton 2026-05-04 ↗ GitHub
8b7e3e0a Proxy Case document display bytes kveton 2026-05-04 ↗ GitHub
303e2633 Merge pull request #6 from CaseMark/codex/fix-case-document-display Scott Kveton 2026-05-04 ↗ GitHub 
Fix Case Vault document preview loading

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-36.md from inside the repo you want the changes in.

⬇ Download capture-thread-36.md