Scorecard Badges are returning 502 bad gateway

[arianvp]

Describe the bug

Reproduction steps
Look at the README in this repo. Notice that the scorecard badge is missing. Look at the logs. Notice a 502 bad gateway

Expected behavior
Badge works

Additional context

[spencerschrock]

Confirming I see the 502 for the camo.githubusercontent.com link, but the underlying scorecard link is working fine for me.

curl -iL https://api.scorecard.dev/projects/github.com/ossf/scorecard/badge
HTTP/2 302 
content-type: image/svg+xml
location: https://img.shields.io/ossf-scorecard/github.com/ossf/scorecard?label=openssf scorecard&style=flat
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-envoy-decorator-operation: ingress GetBadge
date: Fri, 11 Apr 2025 14:34:19 GMT
server: Google Frontend
content-length: 0

HTTP/2 200 
date: Fri, 11 Apr 2025 14:34:20 GMT
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=120, s-maxage=120
expires: Fri, 11 Apr 2025 14:35:53 GMT
content-security-policy: script-src 'none';
last-modified: Fri, 11 Apr 2025 14:33:53 GMT
server: cloudflare
via: 1.1 fly.io, 1.1 fly.io
fly-request-id: 01JRJMAZ8ZC7T6D6GV0C4H71N8-lax
age: 26
cf-cache-status: HIT
cf-ray: 92eb34436a1c2ebb-LAX
alt-svc: h3=":443"; ma=86400

<svg xmlns="http://www.w3.org/2000/svg" width="136" height="20" role="img" aria-label="openssf scorecard: 9.7"><title>openssf scorecard: 9.7</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="136" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="109" height="20" fill="#555"/><rect x="109" width="27" height="20" fill="#97ca00"/><rect width="136" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="555" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="990">openssf scorecard</text><text x="555" y="140" transform="scale(.1)" fill="#fff" textLength="990">openssf scorecard</text><text aria-hidden="true" x="1215" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="170">9.7</text><text x="1215" y="140" transform="scale(.1)" fill="#fff" textLength="170">9.7</text></g></svg>

Not sure what is causing the 502, but it's not directly on our end.

[spencerschrock]

This was working fine in the past, so I assume GitHub changed something with their camo proxy.

Not sure what is causing the 502, but it's not directly on our end.

I was suspicious of the space in one of the redirect query parameters "label=openssf scorecard" and changed it to a + in ossf/scorecard-webapp#774.

It seems to have worked in my initial testing, and in staging, so deployed that change to prod. It seems like things are working now, but feel free to re-open if it breaks again.