Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove trailing slash for LastFM auth URLs to avoid a redirect. #6429

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

uqs
Copy link
Contributor

@uqs uqs commented Nov 1, 2019

Also add better error logging while here. This will at least spit out
SSLHandshake errors and avoids parsing an empty reply if the request
fails.

This is fallout from issue #5993

Also add better error logging while here. This will at least spit out
SSLHandshake errors and avoids parsing an empty reply if the request
fails.

This is fallout from issue #5993
@uqs
Copy link
Contributor Author

uqs commented Dec 15, 2019

This is now ready to be merged, anyone?

@@ -174,20 +175,28 @@ void LastFMService::Authenticate() {
NewClosure(reply, SIGNAL(finished()), this, SLOT(AuthenticateReplyFinished(QNetworkReply*)), reply);
});

qLog(Debug) << "auth URL:" << url.toString();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you remove the logging for non-errors here and below?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found these very helpful when trying to debug my authentication problem. Note that In case openUrl fails the URL is also being logged. This is also happening just once during the auth phase, so it's not adding undue log volume or anything.

As I said, it was helpful to see what my browser was returning for these URLs and they might help someone to not have to read the code.

Could you expand why you think they should be removed?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should avoid logging potentially sensitive data, e.g., tokens, oauth codes, etc. as people often post full logs here.

It's easy enough to add this back in later when developing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants