v2.0.3

Security hardening, dashboard proxy protection, and scrape reliability improvements.

by @saifyxpro

Released on March 7, 2026

Security

  • Removed the public dashboard-internal fallback key and localhost trust path from the backend auth layer.
  • Added API key protection to dashboard, profile, proxy, and job management endpoints that were previously exposed without auth.
  • API keys are now stored as hashes instead of plaintext.
  • Stored proxy and profile passwords are encrypted at rest.
  • The dashboard now forwards /api/* requests through a Next.js server route.

Reliability and Behavior

  • Website scraping now fails fast with explicit Cloudflare challenge metadata instead of returning challenge pages as successful output.
  • Aligned html-js behavior between the REST API and streaming endpoint.
  • Added a DOM stability wait before HTML extraction and screenshot capture.
  • Job cancellation now interrupts active scraping work instead of only updating job status in the UI.
  • Removed unsupported PDF scraping and export paths from the API and dashboard UI.

Developer Experience

  • Fixed a frontend startup failure caused by an invalid .npmrc encoding.
  • Resolved web and API port conflicts during local development.
  • Added and documented required DASHBOARD_INTERNAL_API_KEY and CREDENTIAL_ENCRYPTION_KEY values.

Related GitHub Commits

a9e2367chore: remove obsolete files and update documentation links in Sidebar componentby @saifyxproe1b91d9feat: update docs link to point to introductionby @saifyxpro7eb4a45feat(api,web): improve scrape reliability and remove unsupported PDF flowby @saifyxpro27bd3e3fix(web): resolve dev startup failures on fresh installsby @saifyxpro0abfb20fix(api): align REST and SSE HTML rendering for dynamic pagesby @saifyxpro3c70c7dfix(security): harden dashboard auth and secret handlingby @saifyxpro