mig5

Given that it no longer works when sending an Authorization header with the client_id as the username, it begs the question: what exactly is the point of the allowed_cors_origins parameter...

Re-reading https://github.com/ory/hydra/issues/1754 > I'm wondering what the solution here is? Is it ok to return, on OPTIONS, always true and only restrict the CORS behaviour when the actual GET/POST/... request...

OK, sorry for the noise. I re-read https://www.ory.sh/docs/hydra/guides/cors > Some endpoints (/oauth2/token, /userinfo, /oauth2/revoke) also include URLs listed in field allowed_cors_origins of the OAuth 2.0 Client that is making the...

I think the issue is that it only works if you set the origin URL in the *global* configuration. > If I set https://my-rp-site.com/ in the global Hydra CORS variable...

I think this is a duplicate of #1510 which also shows an issue with gevent on ArchLinux. So I'm going to close this not because it's invalid but because the...

This should be addressed by #1969 when we do the final packaging for the 2.6.3 release. I will make sure to check it.

@thechoppinghand the error suggests either the onion address entered is incorrect, or the onion service is no longer running (or you are somehow not connected to Tor due to some...

Sorry, but OnionShare Website mode will always be limited to static HTML sites. There is already a tool to create an onion address that effectively 'proxies' any clearnet site, dynamic...

Please re-open this issue if you find that clicking 'Don't send default Content Security Policy' in Website mode didn't improve your issue. If it does solve the issue, it confirms...

Hi @LordMZTE, thanks for the report. Unfortunately (or fortunately) I can't reproduce it on Debian Bookworm. I can connect with the socket file or the control port just fine. So,...