The ban on redirects was based on a misreading of FEP-2c59’s requirements. It is only meant to forbid addresses other than the canonical ActivityPub ID being advertised as such in the returned WebFinger data. This does not meaningfully lessen security and verification still remains stricter than without FEP-2c59. Notably this allows Mastodon with its backwards WebFinger redirect (redirecting from the canonical WebFinger domain to the AP domain) to adopt FEP-2c59 without causing issues or extra effort to existing deployments which already adopted the Mastodon-recommended setup.
||
|---|---|---|
| config | ||
| credo/check/consistency | ||
| fixtures | ||
| instance_static | ||
| mix | ||
| pleroma | ||
| support | ||
| test_helper.exs | ||