Pinafore cannot add an instance when the user is otherwise logged in to the Pleroma mastodon interface
I run my own pinafore instance but this also has been observed using https://pleroma.social
My pleroma instance tracks develop
and got updated to 3b1bc079 successfully. (This problem has ocurred also before upgrade, it never worked with this instance).
Pleroma log while trying to authenticate:
https://gist.github.com/saper/299b400611653c4564a05a6320162410
Pinafore starts with a POST request to https://word.builders/api/v1/apps
curl 'https://word.builders/api/v1/apps' -H 'User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:69.0) Gecko/20100101 Firefox/69.0' -H 'Accept: application/json' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Content-Type: application/json' -H 'Origin: http://m.saper.info:4002' -H 'DNT: 1' -H 'Connection: keep-alive' --data '{"client_name":"Pinafore","redirect_uris":"http://m.saper.info:4002/settings/instances/add","scopes":"read write follow push","website":"https://pinafore.social"}'
It gets its secrets:
{"client_id":"MLwGCLYW0w0Q7YSm_dflkkqqA3cZ86UTZgPsA8iST5s","client_secret":"Ud_FlERPkSK9WCE4ViChoPCnCnrKMtXOV_7hzxWkE8k","id":"51","name":"Pinafore","redirect_uri":"http://m.saper.info:4002/settings/instances/add","website":"https://pinafore.social","vapid_key":"BAHb3-7GlOlJRHZR-ArzTMSTlavNtC3kNoH-q3e_O2CBAZHBY_JsxUux4S29p6q5a--dmA173iFfaX2E60dDmww"
Pinafore asks for instance information:
curl 'https://word.builders/api/v1/instance' -H 'User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:69.0) Gecko/20100101 Firefox/69.0' -H 'Accept: application/json' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Origin: http://m.saper.info:4002' -H 'DNT: 1' -H 'Connection: keep-alive'
And receives:
{
"avatar_upload_limit": 2000000,
"background_upload_limit": 4000000,
"banner_upload_limit": 4000000,
"description": "A Pleroma instance, an alternative fediverse server",
"email": "saper@saper.info",
"languages": [
"en"
],
"max_toot_chars": 5000,
"poll_limits": {
"max_expiration": 31536000,
"max_option_chars": 200,
"max_options": 20,
"min_expiration": 0
},
"registrations": false,
"stats": {
"domain_count": 2138,
"status_count": 1148,
"user_count": 2
},
"thumbnail": "https://word.builders/instance/thumbnail.jpeg",
"title": "Marcin's private instance",
"upload_limit": 16000000,
"uri": "https://word.builders",
"urls": {
"streaming_api": "wss://word.builders"
},
"version": "2.7.2 (compatible; Pleroma 1.0.0-1466-g3b1bc079-develop+dev)"
}
And then:
curl 'https://word.builders/oauth/authorize?client_id=MLwGCLYW0w0Q7YSm_dflkkqqA3cZ86UTZgPsA8iST5s&redirect_uri=http%3A%2F%2Fm.saper.info%3A4002%2Fsettings%2Finstances%2Fadd&response_type=code&scope=read%20write%20follow%20push' -H 'User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:69.0) Gecko/20100101 Firefox/69.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: pleroma_key=SFMyNTY.g3QAAAAEbQAAAAtvYXV0aF90b2tlbm0AAAArUXdkUHV5RU9uTXRQWXRaazlzLTdObzBqbGNSRERNbV9lc0RhQWtCNWJfQW0AAAANcGhvZW5peF9mbGFzaHQAAAABbQAAAAVlcnJvcm0AAAAWVW5saXN0ZWQgcmVkaXJlY3RfdXJpLm0AAAAJcmV0dXJuX3RvbQAAAAQvd2VibQAAAAd1c2VyX2lkbQAAAAEx.s5tAspYQ9WczisRGI7g251NOskdiOx4I5vuxY0ooKvc' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'
For which the HTTP response is:
HTTP/2.0 302 Found
server: nginx/1.16.1
date: Mon, 14 Oct 2019 23:19:01 GMT
content-type: text/html; charset=utf-8
content-length: 113
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self' https://word.builders wss://word.builders http://localhost:3035/; script-src 'self' 'unsafe-eval'; upgrade-insecure-requests;
location: http://m.saper.info:4002/settings/instances/add
referrer-policy: same-origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-request-id: Fc2mtPWfwl_DBsQAAAdi
x-xss-protection: 1; mode=block
set-cookie: pleroma_key=SFMyNTY.g3QAAAAEbQAAAAtvYXV0aF90b2tlbm0AAAArUXdkUHV5RU9uTXRQWXRaazlzLTdObzBqbGNSRERNbV9lc0RhQWtCNWJfQW0AAAANcGhvZW5peF9mbGFzaHQAAAABbQAAAAVlcnJvcm0AAAAWVW5saXN0ZWQgcmVkaXJlY3RfdXJpLm0AAAAJcmV0dXJuX3RvbQAAAAQvd2VibQAAAAd1c2VyX2lkbQAAAAEx.s5tAspYQ9WczisRGI7g251NOskdiOx4I5vuxY0ooKvc; path=/; HttpOnly; SameSite=Lax
X-Firefox-Spdy: h2
I am logged in to https://word.builders mastodon interface using the same browser. It DOES not happen in the blank new browser profile.