nknaian / musicrecs

A Spotify-powered music recommendation platform with snoozin 'n friends
MIT License

Temp login error spotted #75

Open nknaian opened 3 years ago

nknaian commented 3 years ago

When logging in the first time, one user experienced an internal server error. On the backend we got this:

```
App 16906 stderr: [ pid=16906, time=2021-09-08 19:20:34,891 ]: Couldn't read cache at: .spotify_user_caches/fc2fcd35-3350-4949-b85c-8dc7be94dcb5 [Wed Sep 08 19:20:58.972825 2021] [:error] [pid 12405:tid 140230868850432] [client 172.58.223.118:59653] [client 172.58.223.118] ModSecurity: Access denied with code 418 (phase 1). Pattern match "(?i:(?:\\A|[^\\d])0x[a-f\\d]{3,}[a-f\\d]*)+" at ARGS:code. [file "/dh/apache2/template/etc/mod_sec3_CRS/99_dreamhost_rules.conf"] [line "334"] [id "1990091"] [msg "SQL Hex Encoding Identified"] [hostname "musicrecs.net"] [uri "/sp_auth_complete"] [unique_id "YTlvimRORE2HDYJRZIj8MgAAAAE"], referer: https://accounts.spotify.com/en/authorize?scope=playlist-modify-public&response_type=code&redirect_uri=https:%2F%2Fmusicrecs.net%2Fsp_auth_complete&client_id=4a035e36137c43d2903bfc2a6d94045c&show_dialog=True
```

nknaian commented 3 years ago

So. It seems like the Spotify authorization code can sometimes look like hex and that flags Dreamhost's security rules. At the least we need a good error page for this. It would be nice to prevent it from being mistaken... perhaps through adding http://accounts.spotify.com to the whitelist
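Added example (not code from the musicrecs repo): it reproduces the rule pattern quoted in the log above in Python to show exactly which shape of authorization `code` trips "SQL Hex Encoding Identified", and estimates how often a random alphanumeric code would do so. The sample codes and the 300-character length are constructed assumptions, not real Spotify values.

```python
import random
import re
import string

# Regex from ModSecurity rule id 1990091 ("SQL Hex Encoding Identified") as quoted
# in the issue's log (the log doubles the backslashes). Python's re treats \A,
# [^\d] and the inline (?i:...) group the same way PCRE does for this pattern.
SQL_HEX_RULE = re.compile(r"(?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+")

def flagged_by_sql_hex_rule(value):
    """True if the rule would fire on this argument value (e.g. ARGS:code)."""
    return SQL_HEX_RULE.search(value) is not None

def matched_fragment(value):
    """The substring the rule matched, i.e. which '0x...' run caused the block."""
    m = SQL_HEX_RULE.search(value)
    return m.group(0) if m else None

# Constructed sample codes (not real Spotify tokens). The rule only needs a "0x"
# at the start or after a non-digit, followed by at least three hex characters.
SAMPLE_CODES = {
    "plain":         "AQBq3NtYz7mWgpL9RkT4vHsJ2dXcF8eKbP",  # no "0x" anywhere
    "hex_like":      "AQBq3Nt0xabc19RkT4vHsJ2dXcF8eKbP",    # "t0xabc19" trips it
    "digit_before":  "AQBq3N40xabc19RkT4vHsJ2dXcF8eKbP",    # '4' precedes "0x": no
    "too_short_hex": "AQBq3Nt0xabzRkT4vHsJ2dXcF8eKbP",      # only "ab" before 'z': no
}

def estimated_false_positive_rate(code_len, trials=10000, seed=7):
    """Fraction of random alphanumeric codes of length `code_len` the rule flags.

    Assumption: codes are uniform over [A-Za-z0-9]; `code_len` is a parameter
    because the real length of a Spotify authorization code is not given here.
    """
    rng = random.Random(seed)
    alphabet = string.ascii_letters + string.digits
    hits = sum(
        flagged_by_sql_hex_rule("".join(rng.choices(alphabet, k=code_len)))
        for _ in range(trials)
    )
    return hits / trials

if __name__ == "__main__":
    for name, code in SAMPLE_CODES.items():
        print(f"{name:14s} flagged={flagged_by_sql_hex_rule(code)!s:5} match={matched_fragment(code)!r}")
    # 300 characters is an assumed length used for illustration only.
    print(f"estimated false-positive rate at 300 chars: {estimated_false_positive_rate(300):.2%}")
```

Because the rule denies the request in phase 1 at Apache, the application process never sees `/sp_auth_complete` for that login, so a friendlier error page has to come from the web server layer (or the rule has to be excluded for `ARGS:code`), not from the app's own error handlers.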