svemagie b54146ce5b fix(oauth): echo state parameter back in authorization redirect ...

OAuth 2.0 requires the server to echo the state parameter in the
callback redirect. Mastodon clients (e.g. murmel.social) send a
state value and fail with 'missing parameters' if it is absent.

Thread state through: GET query → session store → hidden form field
→ POST body → callback redirect (approve and deny paths).

2026-03-27 16:47:42 +01:00

..

entities

fix: comprehensive security, performance, and architecture audit fixes

2026-03-25 07:41:20 +01:00

helpers

merge: upstream c1a6f7e — Fedify 2.1.0, 5 FEPs, security/perf audit, v3.9.x

2026-03-27 09:30:34 +01:00

middleware

feat: add Mastodon Client API layer for Phanpy/Elk compatibility

2026-03-18 12:50:52 +01:00

routes

fix(oauth): echo state parameter back in authorization redirect

2026-03-27 16:47:42 +01:00

backfill-timeline.js

fix: comprehensive security, performance, and architecture audit fixes

2026-03-25 07:41:20 +01:00

router.js

fix(rate-limit): suppress ERR_ERL_PERMISSIVE_TRUST_PROXY behind nginx reverse proxy

2026-03-27 09:43:09 +01:00