[Technically not us] Redirecting /notice to /objects causes http signatures to be invalid #146
Reference: AkkomaGang/akkoma#146
When we get an AP request on `/notice/:id`, we redirect to the /object endpoint
this causes most HTTP clients to seamlessly move from one URL to the next, but this then causes the HTTP signature to be incorrect since the server software won't regenerate the signature
this is only an issue in the case that
it only got unearthed due to the secure mode being made more accessible and people turning it on, but this will affect all *roma instances
there's a few possible ways about this, the ugliest would be just to check against the note URL on validate (ew)
given that http is stateless that might be the only way to do this reliably
anyhow something to thunk about
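
The failure described in this issue, as an added example that is not part of the original report or Akkoma's own code: a signature made over the `/notice` path is replayed against the `/objects` path after the redirect and no longer verifies, and the "check against the note URL" fallback accepts it again. Assumptions: HMAC-SHA256 stands in for the RSA keys fediverse actors actually sign with, and the key, paths, header values and the `NOTICE_ALIAS` table are constructed.

```python
import base64, hashlib, hmac

KEY = b"constructed-demo-key"  # stand-in secret; real actors sign with RSA keys

# Constructed mapping: an object path and the /notice path that redirects to it.
NOTICE_ALIAS = {"/objects/1111-2222": "/notice/AbCdEf"}

def signing_string(method, path, headers, signed):
    """Build the HTTP-signature signing string for the listed header names."""
    lines = []
    for name in signed:
        if name == "(request-target)":
            # The method and path are part of what gets signed.
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name}: {headers[name]}")
    return "\n".join(lines)

def sign(method, path, headers, signed):
    data = signing_string(method, path, headers, signed).encode()
    return base64.b64encode(hmac.new(KEY, data, hashlib.sha256).digest()).decode()

def verify(method, path, headers, signed, signature):
    return hmac.compare_digest(sign(method, path, headers, signed), signature)

def verify_with_alias(method, path, headers, signed, signature):
    """Try the requested path first, then the /notice path that redirects to it."""
    if verify(method, path, headers, signed, signature):
        return True
    alias = NOTICE_ALIAS.get(path)
    return alias is not None and verify(method, alias, headers, signed, signature)

SIGNED = ["(request-target)", "host", "date"]
HEADERS = {"host": "example.social", "date": "Tue, 02 Aug 2022 10:00:00 GMT"}

def demo():
    # The client signs its fetch of /notice/:id, follows the redirect, and
    # sends the same Signature header to the /objects path.
    sig = sign("GET", "/notice/AbCdEf", HEADERS, SIGNED)
    return {
        "original": verify("GET", "/notice/AbCdEf", HEADERS, SIGNED, sig),
        "after_redirect": verify("GET", "/objects/1111-2222", HEADERS, SIGNED, sig),
        "after_redirect_alias": verify_with_alias("GET", "/objects/1111-2222", HEADERS, SIGNED, sig),
        "unrelated_path": verify_with_alias("GET", "/objects/9999", HEADERS, SIGNED, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The fallback only accepts the one `/notice` path known to redirect to the requested object, so a signature made for any other path still fails.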