summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--deploy/food.tomflux.xyz.nginx7
1 files changed, 7 insertions, 0 deletions
diff --git a/deploy/food.tomflux.xyz.nginx b/deploy/food.tomflux.xyz.nginx
index 0d4a357..87172cc 100644
--- a/deploy/food.tomflux.xyz.nginx
+++ b/deploy/food.tomflux.xyz.nginx
@@ -44,6 +44,13 @@ server {
proxy_read_timeout 3600s;
}
+ # OAuth-discovery probes MUST 404, not fall through to the /app/ login
+ # redirect. Otherwise claude.ai's connector flow sees the login page at
+ # /.well-known/oauth-* , thinks the server has an OAuth sign-in service,
+ # tries Dynamic Client Registration, and fails ("Couldn't register with
+ # ... sign-in service"). A 404 here makes it treat the server as authless.
+ location /.well-known/ { return 404; }
+
location / {
return 301 /app/;
}