mastodon-bridge icon indicating copy to clipboard operation
mastodon-bridge copied to clipboard

Published 20 hours ago verified publisher icon mastodon

Linking to Mastodon fails cryptically when viewing it on a non-secure connection

Open Fiona opened this issue 7 years ago • 2 comments

Update: This cryptic bug happens if the user is not viewing the bridge under a secure connection. It should forward to a secure equivalent address.

[Previous bug]

Hi, linking to Twitter appeared to work, but linking to Mastodon failed. I'm presented with an input box with an oAuth logo in it, I enter my username and instance. ([email protected]). It then forwards me to a page that I've attached a screenshot of.

screen-2017-04-05_1035

The URL looks like this, with numbers that look like IDs removed. (Not sure what the security implications of them being viewable in public would be.)

https://mastodon.social/oauth/authorize?client_id=<CLIENT_ID>&redirect_uri=http%3A%2F%2Fmastodon-bridge.herokuapp.com%2Fusers%2Fauth%2Fmastodon%2Fcallback&response_type=code&scope=read+follow&state=<STATE_ID>

This is on Arch Linux, Firefox 51.0.1

Fiona avatar Apr 05 '17 09:04 Fiona

You need to use the https URL : https://mastodon-bridge.herokuapp.com/

gdurelle avatar Apr 06 '17 07:04 gdurelle

Fab! That did the job! I feel like this is still a bug then, it should attempt to forward to the https version if the connection isn't secure.

Fiona avatar Apr 06 '17 10:04 Fiona