Hi. I am the owner, and It's a good question.
Quanti Also wondering if it somehow forwards the gallery link by doing so and if that means that, theoretically, auth site owner could look up each gallery calling the js, meaning huge data privacy implications when not using a password protected gallery. Can you elaborate a bit on this?
When verifying via auth, then yes technically the referring website could be revealed. I honestly have no interest in that, but yes the calling website could easily be revealed.
Quanti Is there a way to license files.gallery without having it to call the auth site with every load?
Unfortunately, no. I have tried to think of a solution, without success. The moment I release Files Gallery "pre-licensed" (in some way), it will spread and that's the end. At that point, I may have little interest in continuing to support the project with updates.
You can only block the auth check by disabling the outgoing internet connection, in which case the auth will be considered licensed (because it can't can't connect). This is only a solution if you are on an intranet and/or can block outgoing calls via hostname for personal usage.
Actually, it doesn't call the auth on every load. Once authorized successfully, the result will get stored in browser localStorage, and won't get called again until you clear browser cookies/localStorage. Just to clarify.
In conclusion, if you are deeply concerned about privacy, then Files Gallery is probably not for you.