POST https://kbin.spritesserver.nl/f/inbox

Response
200 OK
IP
162.55.240.75
Profiled on
Token
dd1f4a

SharedInboxController

Request

GET Parameters

None

POST Parameters

None

Uploaded Files

None

Request Attributes

Key Value
_controller 
"App\Controller\ActivityPub\SharedInboxController"
_firewall_context 
"security.firewall.map.context.main"
_route 
"ap_shared_inbox"
_route_params 
[]
_security_firewall_run 
"_security_main"
_stopwatch_token 
"48f28e"

Request Headers

Header Value
accept 
"*/*"
accept-encoding 
"gzip"
content-length 
"5723"
content-type 
"application/activity+json"
date 
"Wed, 12 Nov 2025 01:40:25 GMT"
digest 
"SHA-256=Dl7Th4Ejhu8oPEC+fZJZl++GTmgSB3OneqU1J9W7AbU="
host 
"kbin.spritesserver.nl"
signature 
"keyId="https://programming.dev/c/programmer_humor#main-key",algorithm="hs2019",headers="(request-target) content-type date digest host",signature="lDhkMJzXYxab2MSSAVqHUGPUJJ/r66CeGx7tofUkWOAGnzNjAuTggD+PKKDRMSI3Z9sXOmDrRt1FvnCR6LsTSUtguwNOoNP6Duh+lsCqwbBxVdZ8g9pVwsWPGBkfVT2lNHiv27DPZYeM9KXwjtlbu8dPwZi0suko8QIe5VTj0OPZNw43zpi/1bpKAjw/XRq0O8pDANKmeWmdPyFlMh1wImBE0IZBIiR9e0vkZnSKraL9N3X/Xx45SGTD42jBRlmnha3kmxQXNF8kQw9BgXbiJd6KL2+KPjlFHi/MSHelYBJEB2mbPr7i0eLoLo8MFjyqOLNo/B02V4VtCXqxwoH2aA==""
user-agent 
"Lemmy/0.19.13; +https://programming.dev"
x-php-ob-level 
"1"

Request Content

Pretty

{
    "@context": [
        "https:\/\/join-lemmy.org\/context.json",
        "https:\/\/www.w3.org\/ns\/activitystreams"
    ],
    "actor": "https:\/\/programming.dev\/c\/programmer_humor",
    "to": [
        "https:\/\/www.w3.org\/ns\/activitystreams#Public"
    ],
    "object": {
        "id": "https:\/\/lemmy.cafe\/activities\/update\/5ed80b35-3d7b-4a32-990c-df0fc8a59d61",
        "actor": "https:\/\/lemmy.cafe\/u\/adminofoz",
        "@context": [
            "https:\/\/join-lemmy.org\/context.json",
            "https:\/\/www.w3.org\/ns\/activitystreams"
        ],
        "to": [
            "https:\/\/www.w3.org\/ns\/activitystreams#Public"
        ],
        "object": {
            "type": "Note",
            "id": "https:\/\/lemmy.cafe\/comment\/14470760",
            "attributedTo": "https:\/\/lemmy.cafe\/u\/adminofoz",
            "to": [
                "https:\/\/www.w3.org\/ns\/activitystreams#Public"
            ],
            "cc": [
                "https:\/\/programming.dev\/c\/programmer_humor",
                "https:\/\/lemmy.world\/u\/themaninblack"
            ],
            "content": "<p>By no means am I the microservices guy. Im more of a self hosted person than anything and used to always be a monolith guy and would still prefer that in many situations. But now I would at least \u201cwrap\u201d the monolith with supplemental self hosted microservices.<\/p>\n<p>But this is the logic as I understand it and the key thing. If a malicious actor compromises one utility they likely made a lot of noise doing it, a lot of that can be mitigated with a proactive WAF. There are a few free solutions here\nCrowdsec WAF (ModSecurity, i think is another, working from memory could be wrong) has a decent signature detection and shared banned list.  If you couple it with proper alerting you should be able to see, watch and isolate attackers in near real time. So even if they get the gateway and you messed up alerting on WAF, you still have your fall back EDR alert for when gatewayUser starts issuing ping commands and performing asset discovery. So  should see it days before then (unless 0 day or nation state etc).<\/p>\n<p>They will still do damage you are absolutely right. But let\u2019s assume a three tiered microservice approach where you have something like pocketdb for Auth, Umami for analytics and postgres for paid api data. Now an issue in pocketbase can absolutely ruin you. But you know what wont ruin you. Metadata storage of their profile picture in postgres. Sure one user gets access to your paid api data but they don\u2019t have your user data and no one else is impacted.<\/p>\n<p>Additionally look at actual CVEs related to pocketbase and you will find a lot to do with OATH so its simple. Disable OATH for best security. Put a waf in front of your app using something like traefik with crowdsec catch bad actors when they try to abuse your non existent OATH endpoint and ban them instantly.<\/p>\n<p>Is it perfect, no. Any determined actor will find a way into any system given enough time. But a layered approach like this is best in my opinion.  Of course it needs modified for every system this is just one example.<\/p>\n",
            "inReplyTo": "https:\/\/lemmy.world\/comment\/20444139",
            "mediaType": "text\/html",
            "source": {
                "content": "By no means am I the microservices guy. Im more of a self hosted person than anything and used to always be a monolith guy and would still prefer that in many situations. But now I would at least \"wrap\" the monolith with supplemental self hosted microservices. \n\nBut this is the logic as I understand it and the key thing. If a malicious actor compromises one utility they likely made a lot of noise doing it, a lot of that can be mitigated with a proactive WAF. There are a few free solutions here\n Crowdsec WAF (ModSecurity, i think is another, working from memory could be wrong) has a decent signature detection and shared banned list.  If you couple it with proper alerting you should be able to see, watch and isolate attackers in near real time. So even if they get the gateway and you messed up alerting on WAF, you still have your fall back EDR alert for when gatewayUser starts issuing ping commands and performing asset discovery. So  should see it days before then (unless 0 day or nation state etc).  \n\nThey will still do damage you are absolutely right. But let's assume a three tiered microservice approach where you have something like pocketdb for Auth, Umami for analytics and postgres for paid api data. Now an issue in pocketbase can absolutely ruin you. But you know what wont ruin you. Metadata storage of their profile picture in postgres. Sure one user gets access to your paid api data but they don't have your user data and no one else is impacted. \n\nAdditionally look at actual CVEs related to pocketbase and you will find a lot to do with OATH so its simple. Disable OATH for best security. Put a waf in front of your app using something like traefik with crowdsec catch bad actors when they try to abuse your non existent OATH endpoint and ban them instantly.\n\nIs it perfect, no. Any determined actor will find a way into any system given enough time. But a layered approach like this is best in my opinion.  Of course it needs modified for every system this is just one example. ",
                "mediaType": "text\/markdown"
            },
            "published": "2025-11-12T01:00:02.131575Z",
            "updated": "2025-11-12T01:39:58.008023Z",
            "tag": [
                {
                    "href": "https:\/\/lemmy.world\/u\/themaninblack",
                    "name": "@themaninblack@lemmy.world",
                    "type": "Mention"
                }
            ],
            "distinguished": false,
            "language": {
                "identifier": "en",
                "name": "English"
            },
            "audience": "https:\/\/programming.dev\/c\/programmer_humor",
            "attachment": []
        },
        "cc": [
            "https:\/\/programming.dev\/c\/programmer_humor",
            "https:\/\/lemmy.world\/u\/themaninblack"
        ],
        "tag": [
            {
                "href": "https:\/\/lemmy.world\/u\/themaninblack",
                "name": "@themaninblack@lemmy.world",
                "type": "Mention"
            }
        ],
        "type": "Update",
        "audience": "https:\/\/programming.dev\/c\/programmer_humor"
    },
    "cc": [
        "https:\/\/programming.dev\/c\/programmer_humor\/followers"
    ],
    "type": "Announce",
    "id": "https:\/\/programming.dev\/activities\/announce\/update\/d78b7aa9-9a04-4f15-a1d4-8e43e409f8a8"
}

Raw

{"@context":["https://join-lemmy.org/context.json","https://www.w3.org/ns/activitystreams"],"actor":"https://programming.dev/c/programmer_humor","to":["https://www.w3.org/ns/activitystreams#Public"],"object":{"id":"https://lemmy.cafe/activities/update/5ed80b35-3d7b-4a32-990c-df0fc8a59d61","actor":"https://lemmy.cafe/u/adminofoz","@context":["https://join-lemmy.org/context.json","https://www.w3.org/ns/activitystreams"],"to":["https://www.w3.org/ns/activitystreams#Public"],"object":{"type":"Note","id":"https://lemmy.cafe/comment/14470760","attributedTo":"https://lemmy.cafe/u/adminofoz","to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://programming.dev/c/programmer_humor","https://lemmy.world/u/themaninblack"],"content":"<p>By no means am I the microservices guy. Im more of a self hosted person than anything and used to always be a monolith guy and would still prefer that in many situations. But now I would at least “wrap” the monolith with supplemental self hosted microservices.</p>\n<p>But this is the logic as I understand it and the key thing. If a malicious actor compromises one utility they likely made a lot of noise doing it, a lot of that can be mitigated with a proactive WAF. There are a few free solutions here\nCrowdsec WAF (ModSecurity, i think is another, working from memory could be wrong) has a decent signature detection and shared banned list.  If you couple it with proper alerting you should be able to see, watch and isolate attackers in near real time. So even if they get the gateway and you messed up alerting on WAF, you still have your fall back EDR alert for when gatewayUser starts issuing ping commands and performing asset discovery. So  should see it days before then (unless 0 day or nation state etc).</p>\n<p>They will still do damage you are absolutely right. But let’s assume a three tiered microservice approach where you have something like pocketdb for Auth, Umami for analytics and postgres for paid api data. Now an issue in pocketbase can absolutely ruin you. But you know what wont ruin you. Metadata storage of their profile picture in postgres. Sure one user gets access to your paid api data but they don’t have your user data and no one else is impacted.</p>\n<p>Additionally look at actual CVEs related to pocketbase and you will find a lot to do with OATH so its simple. Disable OATH for best security. Put a waf in front of your app using something like traefik with crowdsec catch bad actors when they try to abuse your non existent OATH endpoint and ban them instantly.</p>\n<p>Is it perfect, no. Any determined actor will find a way into any system given enough time. But a layered approach like this is best in my opinion.  Of course it needs modified for every system this is just one example.</p>\n","inReplyTo":"https://lemmy.world/comment/20444139","mediaType":"text/html","source":{"content":"By no means am I the microservices guy. Im more of a self hosted person than anything and used to always be a monolith guy and would still prefer that in many situations. But now I would at least \"wrap\" the monolith with supplemental self hosted microservices. \n\nBut this is the logic as I understand it and the key thing. If a malicious actor compromises one utility they likely made a lot of noise doing it, a lot of that can be mitigated with a proactive WAF. There are a few free solutions here\n Crowdsec WAF (ModSecurity, i think is another, working from memory could be wrong) has a decent signature detection and shared banned list.  If you couple it with proper alerting you should be able to see, watch and isolate attackers in near real time. So even if they get the gateway and you messed up alerting on WAF, you still have your fall back EDR alert for when gatewayUser starts issuing ping commands and performing asset discovery. So  should see it days before then (unless 0 day or nation state etc).  \n\nThey will still do damage you are absolutely right. But let's assume a three tiered microservice approach where you have something like pocketdb for Auth, Umami for analytics and postgres for paid api data. Now an issue in pocketbase can absolutely ruin you. But you know what wont ruin you. Metadata storage of their profile picture in postgres. Sure one user gets access to your paid api data but they don't have your user data and no one else is impacted. \n\nAdditionally look at actual CVEs related to pocketbase and you will find a lot to do with OATH so its simple. Disable OATH for best security. Put a waf in front of your app using something like traefik with crowdsec catch bad actors when they try to abuse your non existent OATH endpoint and ban them instantly.\n\nIs it perfect, no. Any determined actor will find a way into any system given enough time. But a layered approach like this is best in my opinion.  Of course it needs modified for every system this is just one example. ","mediaType":"text/markdown"},"published":"2025-11-12T01:00:02.131575Z","updated":"2025-11-12T01:39:58.008023Z","tag":[{"href":"https://lemmy.world/u/themaninblack","name":"@themaninblack@lemmy.world","type":"Mention"}],"distinguished":false,"language":{"identifier":"en","name":"English"},"audience":"https://programming.dev/c/programmer_humor","attachment":[]},"cc":["https://programming.dev/c/programmer_humor","https://lemmy.world/u/themaninblack"],"tag":[{"href":"https://lemmy.world/u/themaninblack","name":"@themaninblack@lemmy.world","type":"Mention"}],"type":"Update","audience":"https://programming.dev/c/programmer_humor"},"cc":["https://programming.dev/c/programmer_humor/followers"],"type":"Announce","id":"https://programming.dev/activities/announce/update/d78b7aa9-9a04-4f15-a1d4-8e43e409f8a8"}

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"application/activity+json"
date 
"Wed, 12 Nov 2025 01:40:26 GMT"
x-debug-token 
"dd1f4a"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session 1

Session Metadata

No session metadata

Session Attributes

No session attributes

Session Usage

1 Usages
Stateless check enabled
Usage
Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage:41
Show trace 
[
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-core/Authentication/Token/Storage/UsageTrackingTokenStorage.php"
    "line" => 41
    "function" => "getMetadataBag"
    "class" => "Symfony\Component\HttpFoundation\Session\Session"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-http/Authenticator/RememberMeAuthenticator.php"
    "line" => 69
    "function" => "getToken"
    "class" => "Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-http/Authentication/AuthenticatorManager.php"
    "line" => 111
    "function" => "supports"
    "class" => "Symfony\Component\Security\Http\Authenticator\RememberMeAuthenticator"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-http/Firewall/AuthenticatorManagerListener.php"
    "line" => 34
    "function" => "supports"
    "class" => "Symfony\Component\Security\Http\Authentication\AuthenticatorManager"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-http/Authenticator/Debug/TraceableAuthenticatorManagerListener.php"
    "line" => 40
    "function" => "supports"
    "class" => "Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-bundle/Debug/WrappedLazyListener.php"
    "line" => 38
    "function" => "supports"
    "class" => "Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticatorManagerListener"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-http/Firewall/AbstractListener.php"
    "line" => 25
    "function" => "supports"
    "class" => "Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-bundle/Security/LazyFirewallContext.php"
    "line" => 60
    "function" => "__invoke"
    "class" => "Symfony\Component\Security\Http\Firewall\AbstractListener"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php"
    "line" => 80
    "function" => "__invoke"
    "class" => "Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/security-http/Firewall.php"
    "line" => 95
    "function" => "callListeners"
    "class" => "Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/event-dispatcher/Debug/WrappedListener.php"
    "line" => 116
    "function" => "onKernelRequest"
    "class" => "Symfony\Component\Security\Http\Firewall"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/event-dispatcher/EventDispatcher.php"
    "line" => 220
    "function" => "__invoke"
    "class" => "Symfony\Component\EventDispatcher\Debug\WrappedListener"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/event-dispatcher/EventDispatcher.php"
    "line" => 56
    "function" => "callListeners"
    "class" => "Symfony\Component\EventDispatcher\EventDispatcher"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php"
    "line" => 139
    "function" => "dispatch"
    "class" => "Symfony\Component\EventDispatcher\EventDispatcher"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/http-kernel/HttpKernel.php"
    "line" => 157
    "function" => "dispatch"
    "class" => "Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/http-kernel/HttpKernel.php"
    "line" => 76
    "function" => "handleRaw"
    "class" => "Symfony\Component\HttpKernel\HttpKernel"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/http-kernel/Kernel.php"
    "line" => 197
    "function" => "handle"
    "class" => "Symfony\Component\HttpKernel\HttpKernel"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php"
    "line" => 35
    "function" => "handle"
    "class" => "Symfony\Component\HttpKernel\Kernel"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/vendor/autoload_runtime.php"
    "line" => 29
    "function" => "run"
    "class" => "Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner"
    "type" => "->"
  ]
  [
    "file" => "/var/www/kbin/kbin/public/index.php"
    "line" => 7
    "args" => [
      "/var/www/kbin/kbin/vendor/autoload_runtime.php"
    ]
    "function" => "require_once"
  ]
]

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_ENV 
"dev"
APP_SECRET 
"82ce1339a6c267e28d1f1dcb37a7454c"
CORS_ALLOW_ORIGIN 
"^https?://(kbin.localhost|127\.0\.0\.1)(:[0-9]+)?$"
DATABASE_URL 
"postgresql://kbin:917eaa3d703f19d123@127.0.0.1:5433/kbin?serverVersion=15&charset=utf8"
HCAPTCHA_SECRET 
""
HCAPTCHA_SITE_KEY 
""
JWT_PASSPHRASE 
""
JWT_PUBLIC_KEY 
"%kernel.project_dir%/config/jwt/public.pem"
JWT_SECRET_KEY 
"%kernel.project_dir%/config/jwt/private.pem"
KBIN_ADMIN_ONLY_OAUTH_CLIENTS 
"false"
KBIN_API_ITEMS_PER_PAGE 
"25"
KBIN_CAPTCHA_ENABLED 
"false"
KBIN_CONTACT_EMAIL 
"kbin@j0h.nl"
KBIN_DEFAULT_LANG 
"en"
KBIN_DOMAIN 
"kbin.spritesserver.nl"
KBIN_FEDERATION_ENABLED 
"true"
KBIN_FEDERATION_PAGE_ENABLED 
"true"
KBIN_HEADER_LOGO 
"false"
KBIN_JS_ENABLED 
"true"
KBIN_META_DESCRIPTION 
"a private kbin install"
KBIN_META_KEYWORDS 
"kbin, content agregator, open source, fediverse"
KBIN_META_TITLE 
"Sprites kbin instance"
KBIN_REGISTRATIONS_ENABLED 
"true"
KBIN_SENDER_EMAIL 
"kbin@j0h.nl"
KBIN_STORAGE_URL 
"https://kbin.spritesserver.nl/media/"
KBIN_TITLE 
"/kbin"
LOCK_DSN 
"flock"
MAILER_DSN 
"smtp://spritesmods.com"
MERCURE_JWT_SECRET 
"231e9a1277f5585d52aa0b1e34c0f984xxxx"
MERCURE_PUBLIC_URL 
"https://kbin.spritesserver.nl/.well-known/mercure"
MERCURE_URL 
"http://localhost:3000/.well-known/mercure"
MESSENGER_TRANSPORT_DSN 
"doctrine://default"
OAUTH_FACEBOOK_ID 
""
OAUTH_FACEBOOK_SECRET 
""
OAUTH_GITHUB_ID 
""
OAUTH_GITHUB_SECRET 
""
OAUTH_GOOGLE_ID 
""
OAUTH_GOOGLE_SECRET 
""
POSTGRES_DB 
"kbin"
POSTGRES_PASSWORD 
"917eaa3d703f19d123"
POSTGRES_USER 
"kbin"
POSTGRES_VERSION 
"15"
REDIS_DNS 
"redis://uSJBDOQfuOMgt8kyGhpUzViTnQSEdEJTsOIsYSsg3v40v@localhost"
REDIS_PASSWORD 
"uSJBDOQfuOMgt8kyGhpUzViTnQSEdEJTsOIsYSsg3v40v"
S3_BUCKET 
"media.karab.in"
S3_KEY 
""
S3_REGION 
"eu-central-1"
S3_SECRET 
""
S3_VERSION 
"latest"

Defined as regular env variables

Key Value
APP_DEBUG 
"1"
CONTENT_LENGTH 
"5723"
CONTENT_TYPE 
"application/activity+json"
CONTEXT_DOCUMENT_ROOT 
"/var/www/kbin/kbin/public"
CONTEXT_PREFIX 
""
DOCUMENT_ROOT 
"/var/www/kbin/kbin/public"
GATEWAY_INTERFACE 
"CGI/1.1"
HTTPS 
"on"
HTTP_ACCEPT 
"*/*"
HTTP_ACCEPT_ENCODING 
"gzip"
HTTP_DATE 
"Wed, 12 Nov 2025 01:40:25 GMT"
HTTP_DIGEST 
"SHA-256=Dl7Th4Ejhu8oPEC+fZJZl++GTmgSB3OneqU1J9W7AbU="
HTTP_HOST 
"kbin.spritesserver.nl"
HTTP_SIGNATURE 
"keyId="https://programming.dev/c/programmer_humor#main-key",algorithm="hs2019",headers="(request-target) content-type date digest host",signature="lDhkMJzXYxab2MSSAVqHUGPUJJ/r66CeGx7tofUkWOAGnzNjAuTggD+PKKDRMSI3Z9sXOmDrRt1FvnCR6LsTSUtguwNOoNP6Duh+lsCqwbBxVdZ8g9pVwsWPGBkfVT2lNHiv27DPZYeM9KXwjtlbu8dPwZi0suko8QIe5VTj0OPZNw43zpi/1bpKAjw/XRq0O8pDANKmeWmdPyFlMh1wImBE0IZBIiR9e0vkZnSKraL9N3X/Xx45SGTD42jBRlmnha3kmxQXNF8kQw9BgXbiJd6KL2+KPjlFHi/MSHelYBJEB2mbPr7i0eLoLo8MFjyqOLNo/B02V4VtCXqxwoH2aA==""
HTTP_USER_AGENT 
"Lemmy/0.19.13; +https://programming.dev"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
PHP_SELF 
"/index.php"
QUERY_STRING 
""
REDIRECT_HTTPS 
"on"
REDIRECT_SSL_CIPHER 
"TLS_AES_256_GCM_SHA384"
REDIRECT_SSL_CIPHER_ALGKEYSIZE 
"256"
REDIRECT_SSL_CIPHER_EXPORT 
"false"
REDIRECT_SSL_CIPHER_USEKEYSIZE 
"256"
REDIRECT_SSL_CLIENT_VERIFY 
"NONE"
REDIRECT_SSL_COMPRESS_METHOD 
"NULL"
REDIRECT_SSL_PROTOCOL 
"TLSv1.3"
REDIRECT_SSL_SECURE_RENEG 
"true"
REDIRECT_SSL_SERVER_A_KEY 
"rsaEncryption"
REDIRECT_SSL_SERVER_A_SIG 
"sha256WithRSAEncryption"
REDIRECT_SSL_SERVER_I_DN 
"CN=R13,O=Let's Encrypt,C=US"
REDIRECT_SSL_SERVER_I_DN_C 
"US"
REDIRECT_SSL_SERVER_I_DN_CN 
"R13"
REDIRECT_SSL_SERVER_I_DN_O 
"Let's Encrypt"
REDIRECT_SSL_SERVER_M_SERIAL 
"051FC4B4A36343F49F637925A04EA17AD96A"
REDIRECT_SSL_SERVER_M_VERSION 
"3"
REDIRECT_SSL_SERVER_SAN_DNS_0 
"kbin.spritesserver.nl"
REDIRECT_SSL_SERVER_S_DN 
"CN=kbin.spritesserver.nl"
REDIRECT_SSL_SERVER_S_DN_CN 
"kbin.spritesserver.nl"
REDIRECT_SSL_SERVER_V_END 
"Dec 25 21:01:55 2025 GMT"
REDIRECT_SSL_SERVER_V_START 
"Sep 26 21:01:56 2025 GMT"
REDIRECT_SSL_SESSION_ID 
"a0318e99722fbdc3204f0125edfc87704b48be5ae253b92a5f5f0e64d310b34b"
REDIRECT_SSL_SESSION_RESUMED 
"Resumed"
REDIRECT_SSL_TLS_SNI 
"kbin.spritesserver.nl"
REDIRECT_SSL_VERSION_INTERFACE 
"mod_ssl/2.4.62"
REDIRECT_SSL_VERSION_LIBRARY 
"OpenSSL/3.0.16"
REDIRECT_STATUS 
"200"
REDIRECT_URL 
"/f/inbox"
REMOTE_ADDR 
"162.55.240.75"
REMOTE_PORT 
"50430"
REQUEST_METHOD 
"POST"
REQUEST_SCHEME 
"https"
REQUEST_TIME 
1762911625
REQUEST_TIME_FLOAT 
1762911625.7844
REQUEST_URI 
"/f/inbox"
SCRIPT_FILENAME 
"/var/www/kbin/kbin/public/index.php"
SCRIPT_NAME 
"/index.php"
SERVER_ADDR 
"5.9.62.165"
SERVER_ADMIN 
"webmaster@spritesmods.com"
SERVER_NAME 
"kbin.spritesserver.nl"
SERVER_PORT 
"443"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SIGNATURE 
""
SERVER_SOFTWARE 
"Apache"
SSL_CIPHER 
"TLS_AES_256_GCM_SHA384"
SSL_CIPHER_ALGKEYSIZE 
"256"
SSL_CIPHER_EXPORT 
"false"
SSL_CIPHER_USEKEYSIZE 
"256"
SSL_CLIENT_VERIFY 
"NONE"
SSL_COMPRESS_METHOD 
"NULL"
SSL_PROTOCOL 
"TLSv1.3"
SSL_SECURE_RENEG 
"true"
SSL_SERVER_A_KEY 
"rsaEncryption"
SSL_SERVER_A_SIG 
"sha256WithRSAEncryption"
SSL_SERVER_I_DN 
"CN=R13,O=Let's Encrypt,C=US"
SSL_SERVER_I_DN_C 
"US"
SSL_SERVER_I_DN_CN 
"R13"
SSL_SERVER_I_DN_O 
"Let's Encrypt"
SSL_SERVER_M_SERIAL 
"051FC4B4A36343F49F637925A04EA17AD96A"
SSL_SERVER_M_VERSION 
"3"
SSL_SERVER_SAN_DNS_0 
"kbin.spritesserver.nl"
SSL_SERVER_S_DN 
"CN=kbin.spritesserver.nl"
SSL_SERVER_S_DN_CN 
"kbin.spritesserver.nl"
SSL_SERVER_V_END 
"Dec 25 21:01:55 2025 GMT"
SSL_SERVER_V_START 
"Sep 26 21:01:56 2025 GMT"
SSL_SESSION_ID 
"a0318e99722fbdc3204f0125edfc87704b48be5ae253b92a5f5f0e64d310b34b"
SSL_SESSION_RESUMED 
"Resumed"
SSL_TLS_SNI 
"kbin.spritesserver.nl"
SSL_VERSION_INTERFACE 
"mod_ssl/2.4.62"
SSL_VERSION_LIBRARY 
"OpenSSL/3.0.16"
SYMFONY_DOTENV_VARS 
"KBIN_DOMAIN,KBIN_TITLE,KBIN_DEFAULT_LANG,KBIN_FEDERATION_ENABLED,KBIN_CONTACT_EMAIL,KBIN_SENDER_EMAIL,KBIN_JS_ENABLED,KBIN_REGISTRATIONS_ENABLED,KBIN_API_ITEMS_PER_PAGE,KBIN_STORAGE_URL,KBIN_META_TITLE,KBIN_META_DESCRIPTION,KBIN_META_KEYWORDS,KBIN_HEADER_LOGO,KBIN_CAPTCHA_ENABLED,KBIN_FEDERATION_PAGE_ENABLED,REDIS_PASSWORD,REDIS_DNS,S3_KEY,S3_SECRET,S3_BUCKET,S3_REGION,S3_VERSION,OAUTH_FACEBOOK_ID,OAUTH_FACEBOOK_SECRET,OAUTH_GOOGLE_ID,OAUTH_GOOGLE_SECRET,OAUTH_GITHUB_ID,OAUTH_GITHUB_SECRET,KBIN_ADMIN_ONLY_OAUTH_CLIENTS,APP_ENV,APP_SECRET,POSTGRES_DB,POSTGRES_USER,POSTGRES_PASSWORD,POSTGRES_VERSION,DATABASE_URL,MESSENGER_TRANSPORT_DSN,MAILER_DSN,MERCURE_URL,MERCURE_PUBLIC_URL,MERCURE_JWT_SECRET,CORS_ALLOW_ORIGIN,LOCK_DSN,JWT_SECRET_KEY,JWT_PUBLIC_KEY,JWT_PASSPHRASE,HCAPTCHA_SITE_KEY,HCAPTCHA_SECRET"