diff options
| -rw-r--r-- | deploy/food.tomflux.xyz.nginx | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/deploy/food.tomflux.xyz.nginx b/deploy/food.tomflux.xyz.nginx index 0d4a357..87172cc 100644 --- a/deploy/food.tomflux.xyz.nginx +++ b/deploy/food.tomflux.xyz.nginx @@ -44,6 +44,13 @@ server { proxy_read_timeout 3600s; } + # OAuth-discovery probes MUST 404, not fall through to the /app/ login + # redirect. Otherwise claude.ai's connector flow sees the login page at + # /.well-known/oauth-* , thinks the server has an OAuth sign-in service, + # tries Dynamic Client Registration, and fails ("Couldn't register with + # ... sign-in service"). A 404 here makes it treat the server as authless. + location /.well-known/ { return 404; } + location / { return 301 /app/; } |
