InventoryAPIv3 leaking internal scheme identifier
tracked
Cinder Roxley
Internal scheme identifier "slcap://" is leaked in PUT and PATCH requests to AISv3 endpoint
Maestro Linden
marked this post as tracked
Hi Cinder, I also see "slcap://" in the Content-Location header when making an AISv3 request in a viewer. That scheme doesn't have any real internal meaning, but it's curious that that string shows up at all.
Cinder Roxley
It redacted the other parts of the post and won't let me update...
Make a call to SlamFolder (a PUT request) and observe the 201 Created response:
Date: Wed, 04 Jun 2025 20:38:32 GMT
Server: Apache
X-LL-Request-Id: aECuyNDHz8BcYDvfmg9JCgAAATk
Content-Type: application/llsd+xml
Content-Length: 65859
Content-Location: slcap://InventoryAPIv3/category/1854a12a-d07f-bb17-a00c-82b739b05698/links
Location: slcap://InventoryAPIv3/category/1854a12a-d07f-bb17-a00c-82b739b05698/links
Vary: Accept,Accept-Encoding,X-Untrusted-Path,X-Untrusted-Query
Access-Control-Allow-Origin: *
Content-Location/Location contain the scheme identifier "slcap://" which I assume is internal. This makes .NET HttpClient angry with Second Life which in turn makes me feel very sad. -> :(
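
An added example, not part of the original thread and not code from Linden Lab or any viewer: a regression check that scans a response's URI-valued headers (Location, Content-Location) for a scheme other than http/https, run here over the header lines quoted in the report. The function names and the allowed-scheme set are assumptions.

```python
from urllib.parse import urlsplit

# Headers whose value is a URI reference.
URI_HEADERS = {"location", "content-location"}
# Assumption: an HTTP client should only ever see these schemes here.
ALLOWED_SCHEMES = {"http", "https"}

# Sample input: header lines copied from the 201 Created response in the report.
SAMPLE_RESPONSE_HEADERS = """\
Date: Wed, 04 Jun 2025 20:38:32 GMT
Server: Apache
Content-Type: application/llsd+xml
Content-Location: slcap://InventoryAPIv3/category/1854a12a-d07f-bb17-a00c-82b739b05698/links
Location: slcap://InventoryAPIv3/category/1854a12a-d07f-bb17-a00c-82b739b05698/links
"""


def parse_headers(raw):
    """Split raw 'Name: value' lines into (name, value) pairs."""
    pairs = []
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            pairs.append((name.strip(), value.strip()))
    return pairs


def find_unexpected_schemes(raw, allowed=ALLOWED_SCHEMES):
    """Return (header, scheme, value) for URI headers with a disallowed scheme.

    Relative references (no scheme) pass, since both headers may
    legitimately carry a path relative to the request URI.
    """
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() not in URI_HEADERS:
            continue
        scheme = urlsplit(value).scheme.lower()
        if scheme and scheme not in allowed:
            findings.append((name, scheme, value))
    return findings


if __name__ == "__main__":
    for header, scheme, value in find_unexpected_schemes(SAMPLE_RESPONSE_HEADERS):
        print(f"{header}: unexpected scheme {scheme!r} in {value}")
```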