• 0 Posts
  • 32 Comments
Joined 11 months ago
cake
Cake day: February 10th, 2024

help-circle

  • a JSON parsing error is certainly unexpected. I wonder if you happen to be triggering some automatic Cloudflare WAF rule.

    could you try uploading the same file from a computer? before uploading, please open your browser dev tools (F12) and visit the network tab. it should show some more details in there. especially the response tab should show an actual error message. in the headers tab, you could also share the value of the cf-ray header with us and we can take a look at our logs. please be careful not to share everything you see in that network tab, as there are values visible there that allow taking over your lemmy account. specifically cookies and the jwt value; in some cases also an authorization header. cf-ray is not sensitive, it’s just an identifier associated with the individual request.

    feel free to pm me the cf-ray value rather than posting it publicly.






  • I haven’t seen the actual error message displayed, but “failed external validation” is definitely how the scanning process works.

    By illegal we are not referring to copyrighted content or anything like that, only much more serious things.

    Unfortunately, this will sometimes falsely identify content that should be allowed. In the past this would have silently erased the image shortly after the upload, with this only becoming noticeable days after the upload due to caching.






  • I wouldn’t say usually, but they can happen from time to time for a variety of reasons.

    It can be caused by overly aggressive WAF (web application firewall) configurations, proxy server misconfigurations, bugs in Lemmy and probably some more.

    Proxy server misconfiguration is a common one we’ve seen other instances have issues with from time to time, especially when it works between Lemmy instances but e.g. Mastodon -> Lemmy not working properly, as the proxy configuration would only be specifically matching Lemmys behavior rather than spec-compliant requests.

    Overly aggressive WAF configurations tend to usually being a result of instances being attacked/overloaded either by DDoS or aggressive AI service crawlers.

    Usually, when there are no configuration changes on either side, issues like this don’t just show up randomly.

    In this case, while there was a change on the lemmy.ml side and we don’t believe a change on our side fell into the time this started happening (we don’t have the exact date for when the underlying issue started happening), while the behavior on the sending side might have changed with the Lemmy update, and other instances might just randomly not be affected. We currently believe that this is likely just exposing an issue on our end that already existed prior to changes on lemmy.ml, except the specific logic was previously not used.