akirk / enable-mastodon-apps

Allow accessing your WordPress blog with Mastodon clients
https://wordpress.org/plugins/enable-mastodon-apps
GNU General Public License v2.0

OAuth2 handler inserts errors into unrelated API call responses #145

Closed avdi closed 3 months ago

avdi commented 4 months ago

In debugging an issue with access to FluentCRM on avdi.codes, we tracked down the insertion of a spurious error into FluentCRM API responses to the OAuth2 module inside this plugin. Example:

[screenshot: FluentCRM API response with the spurious OAuth2 error inserted; image not included]

This was breaking external FluentCRM integrations.

Is it possible to ratchet down the scope of requests this OAuth2 code intercepts to only Mastodon emulation paths?

akirk commented 4 months ago

Thanks for letting me know, sorry about that! Of course, I thought we already did so. Was it only on the v2/tags point?

avdi commented 4 months ago

> Thanks for letting me know, sorry about that! Of course, I thought we already did so. Was it only on the v2/tags point?

FWIW I noticed just as I posted this that you just released a big update which my site had not yet updated at the time we did the debugging, so I can't confirm whether it's still an issue.

avdi commented 4 months ago

And I don't know how widespread the insertion is - I honestly wish I could spend more time testing but realistically it's going to be pretty back-burnered 😔 Thank you so much for the prompt response!

akirk commented 4 months ago

It is indeed something that was a problem prior to the release. I'll try to reproduce it with the old version and try it with the new one to see if it fixed it.

akirk commented 3 months ago

I confirmed that in 0.6.6 we were returning a {"error":"invalid_request","error_description":"Malformed auth header"} for HTTP Basic authentication; this is no longer the case in 0.9.0, so I'm closing this. We'll reopen it if we get more evidence that this is still a problem in the current version. Thanks for the report!
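The failure mode discussed in this thread, as an added example that is not the plugin's own code: an authentication check that inspects every REST request and rejects any non-Bearer Authorization header, beside a version scoped to the Mastodon emulation routes that ignores other schemes. The route prefixes, function names and sample path are assumptions; in WordPress such a check would typically be wired to the `rest_authentication_errors` filter.

```php
<?php
// Added example, not the plugin's code: scope an OAuth2 Bearer check to the
// Mastodon emulation routes. Route prefixes are assumptions; the error body
// matches the one quoted in the report.

// Before: every request is inspected and any non-Bearer Authorization header
// (e.g. HTTP Basic sent to another plugin's endpoint) gets an OAuth2 error.
function ema_example_auth_before( string $path, ?string $auth_header ): ?array {
    if ( $auth_header !== null && ! preg_match( '/^Bearer\s+\S+$/i', $auth_header ) ) {
        return array( 'error' => 'invalid_request', 'error_description' => 'Malformed auth header' );
    }
    return null; // no header, or a Bearer token that would be validated next
}

// After: only Mastodon paths are handled, and only the Bearer scheme is
// interpreted; anything else is left to WordPress and other plugins.
function ema_example_auth_after( string $path, ?string $auth_header ): ?array {
    $prefixes = array( '/api/v1/', '/api/v2/', '/oauth/' ); // assumed plugin routes
    $in_scope = false;
    foreach ( $prefixes as $prefix ) {
        if ( strncmp( $path, $prefix, strlen( $prefix ) ) === 0 ) {
            $in_scope = true;
            break;
        }
    }
    if ( ! $in_scope || $auth_header === null || stripos( $auth_header, 'Bearer ' ) !== 0 ) {
        return null; // out of scope or not our scheme: fall through untouched
    }
    $token = trim( substr( $auth_header, 7 ) );
    if ( $token === '' || ! preg_match( '/^[A-Za-z0-9._~+\/-]+=*$/', $token ) ) {
        return array( 'error' => 'invalid_request', 'error_description' => 'Malformed auth header' );
    }
    return null; // well-formed Bearer token: real token validation would follow
}

// Constructed request shaped like the report: HTTP Basic to a non-Mastodon route.
$basic = 'Basic ' . base64_encode( 'user:app-password' );
$path  = '/wp-json/fluent-crm/v2/tags'; // constructed path, not taken from the report
var_dump( ema_example_auth_before( $path, $basic ) ); // array with the spurious error
var_dump( ema_example_auth_after( $path, $basic ) );  // NULL: request left alone
// In scope with a malformed Bearer token: the scoped version still reports the error.
var_dump( ema_example_auth_after( '/api/v1/accounts/verify_credentials', 'Bearer ab c' ) );
```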