🐛 Bug Report: /.well-known/openid-configuration endpoint has Content-Type as text/html #558

New Issue

Closed

opened 2026-02-04 20:27:39 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-04 20:27:39 +03:00

Owner

Copy Link

Originally created by @suyash01 on GitHub (Dec 1, 2025).

Reproduction steps

Run curl command and observe the headers

curl -I https://<my-domain>/.well-known/openid-configuration

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 01 Dec 2025 19:31:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2025
Connection: keep-alive
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Security-Policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src * blob:;font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'

Expected behavior

The Content-Type header should be text/html.

Actual Behavior

The Content-Type header is text/html.

Pocket ID Version

v1.16.0

Database

SQLite

OS and Environment

Debian GNU/Linux 13, Running on Proxmox LXC, Served via Nginx proxy manager.

Log Output

No response

Originally created by @suyash01 on GitHub (Dec 1, 2025). ### Reproduction steps Run curl command and observe the headers `curl -I https://<my-domain>/.well-known/openid-configuration` ``` HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Dec 2025 19:31:26 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2025 Connection: keep-alive Access-Control-Allow-Headers: Authorization Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Origin: * Cache-Control: no-store Content-Security-Policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src * blob:;font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' ``` ### Expected behavior The `Content-Type` header should be `text/html`. ### Actual Behavior The `Content-Type` header is `text/html`. ### Pocket ID Version v1.16.0 ### Database SQLite ### OS and Environment Debian GNU/Linux 13, Running on Proxmox LXC, Served via Nginx proxy manager. ### Log Output _No response_

OVERLORD closed this issue 2026-02-04 20:27:44 +03:00

OVERLORD commented 2026-02-04 20:27:49 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub (Dec 2, 2025):

This happens because you use the -i flag which makes a HEAD instead of GET request to the endpoint. As a HEAD request doesn't run the actual handler logic in the backend the header gets set incorrectly. If you make a normal GET request the content type should be correct.

Do you actually encounter any issues or is this just something you've noticed?

@stonith404 commented on GitHub (Dec 2, 2025): This happens because you use the `-i` flag which makes a `HEAD` instead of `GET` request to the endpoint. As a `HEAD` request doesn't run the actual handler logic in the backend the header gets set incorrectly. If you make a normal `GET` request the content type should be correct. Do you actually encounter any issues or is this just something you've noticed?

OVERLORD commented 2026-02-04 20:27:53 +03:00

Author

Owner

Copy Link

@suyash01 commented on GitHub (Dec 2, 2025):

I was trying to integrate pocketid with pulse monitoring, but I am seeing the same error in pulse logs. Maybe they have not implemented it correctly?

I will try to dig deeper when I go home later today.

@suyash01 commented on GitHub (Dec 2, 2025): I was trying to integrate pocketid with pulse monitoring, but I am seeing the same error in pulse logs. Maybe they have not implemented it correctly? I will try to dig deeper when I go home later today.

OVERLORD commented 2026-02-04 20:27:57 +03:00

Author

Owner

Copy Link

@suyash01 commented on GitHub (Dec 2, 2025):

Closing as after doing some digging I figured out that they just needed the base URL instead of the complete discovery URL.

@suyash01 commented on GitHub (Dec 2, 2025): Closing as after doing some digging I figured out that they just needed the base URL instead of the complete discovery URL.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/email-verification

oidc-scopes

default-env-db-keys

slog-gorm

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

bug

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#558