Fix draft listing on custom-domain / Cloudflare publications #8
Open
mattmillerai wants to merge 1 commit into
- getDrafts: use /api/v1/post_management/drafts (the endpoint the Substack
editor itself uses) with order_by/order_direction, and unwrap the
{ posts } response. The bare /api/v1/drafts collection returns
403 "Not authorized" on many publications.
- validateAuth: validate by listing via the same endpoint instead of the
dead /api/v1/drafts?limit=1.
- request(): default to a browser User-Agent (overridable via
SUBSTACK_USER_AGENT) and send Accept + Referer headers. Without a browser
UA, Cloudflare-fronted custom domains reject requests with 403 error 1010;
without a Referer, canonical *.substack.com API calls 301-redirect to the
custom domain and then 401.
- Add tests covering the endpoint, the posts[] unwrap, and the new headers.
- Document custom-domain / Cloudflare behavior and SUBSTACK_USER_AGENT.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Problem

On Substack publications served via a custom domain (Cloudflare-fronted), the server can't list drafts even with a valid session token:

- list_drafts / validateAuth call GET /api/v1/drafts, which returns 403 "Not authorized" on these publications.
- undici request signature with 403 error code: 1010 ("browser signature banned").
- *.substack.com host, a missing Referer causes a 301 → custom domain → 401 redirect chase (the client uses redirect: "follow").

Net effect: auth appears to "fail" when the token is actually fine.

Fix

- getDrafts → GET /api/v1/post_management/drafts (the endpoint the Substack editor uses) with the required order_by / order_direction params; unwraps the { posts } response shape.
- validateAuth validates by listing via the same endpoint instead of the dead /api/v1/drafts?limit=1.
- request() defaults to a browser User-Agent (overridable via SUBSTACK_USER_AGENT) and sends Accept + Referer headers, keeping canonical-host API calls first-party and served directly.

Verification

- Tested live against a custom-domain publication (custom domain → canonical *.substack.com): validateAuth, list_drafts, and get_draft all succeed where they previously 401'd.
- npm run build clean
- npm test → 96 passing (6 new: endpoint choice, posts[] unwrap, default + override headers)

Notes

- SUBSTACK_PUBLICATION_URL to the canonical *.substack.com host (documented in the README).

🤖 Generated with Claude Code
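
Added example, not part of this pull request or the project's code: a classifier that separates the three failure modes listed under Problem from a genuine token rejection, plus a strict unwrap of the { posts } shape. The function names, the hop shape { status, body, location } and the sample bodies are assumptions constructed for illustration.

```javascript
// Added example; not the PR's code. The hop shape { status, body, location } is an
// assumption: capture it by sending the request with redirect: "manual".
function classifyDraftsFailure(hops) {
  if (!Array.isArray(hops) || hops.length === 0) return "no-response";
  const last = hops[hops.length - 1];
  const body = String(last.body ?? "");
  // Any 3xx before the final response means the call left the host it was sent to.
  const redirected = hops.slice(0, -1).some((h) => h.status >= 300 && h.status < 400);

  if (last.status >= 200 && last.status < 300) return "ok";
  // Cloudflare refused the client signature at the edge, before the application saw it.
  if (last.status === 403 && /error code:\s*1010/i.test(body)) return "cloudflare-ua-block";
  // The bare drafts collection refuses the request although the token is valid.
  if (last.status === 403 && /not authorized/i.test(body)) return "endpoint-not-authorized";
  // 301 to the custom domain, then 401 there: the missing-Referer case.
  if (last.status === 401 && redirected) return "redirected-then-401";
  // Assumption: a direct 401 with no redirect is the only case that points at the token.
  if (last.status === 401) return "token-rejected";
  return "unknown";
}

// Unwrap the { posts } shape the description names; fail loudly on anything else.
function unwrapDrafts(payload) {
  if (payload && Array.isArray(payload.posts)) return payload.posts;
  throw new TypeError("expected an object with a posts array");
}

// Constructed sample chains (status codes from the description, bodies illustrative).
const SAMPLES = {
  uaBlock: [{ status: 403, body: "error code: 1010" }],
  bareEndpoint: [{ status: 403, body: '{"error":"Not authorized"}' }],
  noReferer: [
    { status: 301, location: "https://custom.example/api/v1/post_management/drafts", body: "" },
    { status: 401, body: "" },
  ],
  ok: [{ status: 200, body: '{"posts":[{"id":1,"draft_title":"constructed"}]}' }],
};

for (const [name, hops] of Object.entries(SAMPLES)) {
  console.log(name, "->", classifyDraftsFailure(hops));
}
```

Reporting the class instead of a generic auth failure keeps a 403 from the edge or a redirect chase from being mistaken for a bad session token.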