From c424a55d6f716829c9fba7863bb1b3ccbdbf57c8 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Thu, 20 Nov 2025 00:26:44 +0900
Subject: [PATCH] more hints for invalid config

---
 copyparty/httpcli.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index 81d6ea3b..3ad430c0 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -785,7 +785,7 @@ class HttpCli(object):
                 guess = "modifying" if (origin and host) else "stripping"
                 t = "cors-reject %s because request-header Origin=%r does not match request-protocol %r and host %r based on request-header Host=%r (note: if this request is not malicious, check if your reverse-proxy is accidentally %s request headers, in particular 'Origin', for example by running copyparty with --ihead='*' to show all request headers)"
                 self.log(t % (self.mode, origin, proto, self.host, host, guess), 3)
-                raise Pebkac(403, "rejected by cors-check")
+                raise Pebkac(403, "rejected by cors-check (see serverlog)")
 
             # getattr(self.mode) is not yet faster than this
             if self.mode == "POST":
@@ -931,7 +931,7 @@ class HttpCli(object):
             return False
 
         self.log("banned for {:.0f} sec".format(rt), 6)
-        self.terse_reply(b"thank you for playing", 403)
+        self.terse_reply(b"thank you for playing (see serverlog and readme)", 403)
         return True
 
     def permit_caching(self) -> None: