From 50abd85faeb793ee2b7fe362fc9a5f644e0f4afb Mon Sep 17 00:00:00 2001
From: Will Miao <willmiao.dev@gmail.com>
Date: Wed, 21 Jan 2026 11:27:56 +0800
Subject: [PATCH] fix(previews): temporarily bypass path validation to restore
 preview functionality

Temporary workaround for issues #772 and #774 where valid previews
are rejected. Path validation is disabled until proper fix for
preview root path handling is implemented.
---
 py/routes/handlers/preview_handlers.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/py/routes/handlers/preview_handlers.py b/py/routes/handlers/preview_handlers.py
index 660dbe83..a8c0eed8 100644
--- a/py/routes/handlers/preview_handlers.py
+++ b/py/routes/handlers/preview_handlers.py
@@ -41,9 +41,10 @@ class PreviewHandler:
             raise web.HTTPBadRequest(text="Unable to resolve preview path") from exc
 
         resolved_str = str(resolved)
-        if not self._config.is_preview_path_allowed(resolved_str):
-            logger.debug("Rejected preview outside allowed roots: %s", resolved_str)
-            raise web.HTTPForbidden(text="Preview path is not within an allowed directory")
+        # TODO: Temporarily disabled path validation due to issues #772 and #774
+        # Re-enable after fixing preview root path handling
+        # if not self._config.is_preview_path_allowed(resolved_str):
+        #     raise web.HTTPForbidden(text="Preview path is not within an allowed directory")
 
         if not resolved.is_file():
             logger.debug("Preview file not found at %s", resolved_str)