CaseMark pulls document previews back behind its own front door

Client files now load through Mike's backend instead of sending the browser a signed link straight to storage.

securityinfrastructure

CaseMark's document viewer used to hand the browser a temporary signed link and let it fetch files directly from Case Vault, the fork's document store. That link was visible in network traffic, and the cross-origin trip was also making previews fail outright in production with a "failed to load" error.

CaseMark fixed both at once by routing each file through Mike's own backend. The document now loads on the app's own domain, the app's login and permission checks stay the gatekeeper, and storage credentials never reach the browser. The honest cost: the backend holds each file fully in memory before sending it, with no streaming. Teams pushing large documents to many users at the same time will want to watch that ceiling before rolling it out widely.

So what If you preview client documents in a hosted Mike instance, this keeps your storage keys private and access control where it belongs - just mind the memory load on big files.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

2 commits from CaseMark/mikeoss-casedotdev, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
96ee1a64 Avoid false missing key state during profile load kveton 2026-05-04 ↗ GitHub
8b7e3e0a Proxy Case document display bytes kveton 2026-05-04 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-284.md from inside the repo you want the changes in.

⬇ Download capture-thread-284.md