Description
Redlib uses undocumented private API endpoints for OAuth spoofing. This API is subject to change without warning, which can break Redlib (see #229). Currently, there are no descriptive error messages or logging, apart from the basics, such as the HTTP status code. For debugging, it is essential to have more information, such as request and response headers.
There are two ways to do this:
1.) Programmatic logging. The internal http library can log its request/response data structure as soon as it is constructed. I have not looked further into this.
2.) HTTPS sniffer. This involves adding a self-signed CA certificate to the host, Redlib trusting that certificate, and proxying Redlib through an HTTPS sniffer proxy which uses that certificate to communicate with Redlib. This can be done manually, but is very inconvenient. I suggest adding a feature flag (or command-line flag) to Redlib which disables HTTPS verification (maybe enable this feature by default for debug builds — but consider security), which will make Redlib ready to plug into any HTTPS sniffer software through the built-in SOCKS proxy feature.
No. 1, I think, is a symptom of a wider issue which is a consequence of a silly "no logs" privacy policy and unidiomatic internal data and error structures, and hence way out of scope.
No. 2 is simple to implement, without affecting regular hosts. I would also like to placate any privacy concerns with No. 2 in advance: it's a simple patch to just disable certificate verification — it does not introduce a logger into the project; any sufficiently determined (the level of sufficiency is just a tad above convenience) instance could use a sniffer with the current code base.
I would like input from the maintainers and the community on:
- Is 1. feasible, and are the logging features better than 2.? HTTPS sniffers are a competitive niche, mature, and full of features which a stderr log will not match.
- If 1. is feasible, and though I disagree with those policies, 1. would violate the historical privacy stance of Redlib and Libreddit. Now what?
- For 2.: feature flag, or command line flag? Default in debug builds? Feature flag which enables the command-line flag, and is default in debug builds?
- Could 2. be made even easier with a container image?
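One way option 1 could log request and response headers for the OAuth exchange without the log itself becoming a credential leak: an added example in Rust that is not Redlib's code, using only the standard library. The header names, paths and token values are constructed for illustration; the set of redacted headers would be extended with whatever API-specific headers carry credentials.

```rust
// Added example, not Redlib's own code: format one side of an HTTP exchange
// for a debug log, redacting headers that carry credentials so that enabling
// the log (or pasting it into a bug report) does not expose the token.
use std::fmt::Write;

/// Headers whose values must never reach the log. Matched case-insensitively.
const SENSITIVE: &[&str] = &["authorization", "cookie", "set-cookie"];

pub fn is_sensitive(name: &str) -> bool {
    SENSITIVE.contains(&name.to_ascii_lowercase().as_str())
}

/// For Authorization, keep the scheme (it shows which flow was used) and
/// replace the credential with its byte length: enough to spot an empty or
/// truncated token without ever writing the token. Other secrets are
/// replaced wholesale.
pub fn redact(name: &str, value: &str) -> String {
    if name.eq_ignore_ascii_case("authorization") {
        if let Some((scheme, secret)) = value.split_once(' ') {
            return format!("{scheme} <redacted {} bytes>", secret.len());
        }
    }
    format!("<redacted {} bytes>", value.len())
}

/// Render a request line or status line plus its headers as a log block.
pub fn format_exchange(first_line: &str, headers: &[(&str, &str)]) -> String {
    let mut out = String::new();
    writeln!(out, "{first_line}").unwrap();
    for (name, value) in headers {
        let shown = if is_sensitive(name) { redact(name, value) } else { value.to_string() };
        writeln!(out, "  {name}: {shown}").unwrap();
    }
    out
}

fn main() {
    // Constructed sample: a token request and the failing response to it.
    let req = format_exchange(
        "POST /oauth/token",
        &[("Host", "api.example.invalid"), ("Authorization", "Basic Y2xpZW50OnNlY3JldA=="), ("User-Agent", "redlib-debug")],
    );
    let resp = format_exchange(
        "HTTP/1.1 401 Unauthorized",
        &[("Content-Type", "application/json"), ("Set-Cookie", "session=abc123")],
    );
    eprint!("{req}{resp}");
}
```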