Originally Posted by
Bat
I dug into this a bit, but the results were inconclusive. There's nothing unusual about the score submission routine executed by Ruffle, but the server's response is error code 17, indicating that the hash provided is invalid. Repeating that same score submission with identical details in my score sender generated the exact same encrypted payload as the one Ruffle submitted, so the remaining culprits would be the page request parameters, cookies, or something wacky like brotli compression. I'm ruling out StackPath because I didn't encounter any issues walking around it with my score sender. It's extremely unlikely that a legitimate web browser would run into problems with StackPath while a program that barely approximates a legitimate web browser would somehow get past it just fine.