BREAKING: activitypub: validate fetch signatures #399

Manually merged

Johann150 merged 2 commits from helene/FoundKey:feature/verify-fetch-signatures into main

2023-06-27 19:59:29 +00:00

Author	SHA1	Message	Date
Hélène	fe0dde38c3	fixup! BREAKING: activitypub: validate fetch signatures All checks were successful ci/woodpecker/pr/lint-backend Pipeline was successful Details ci/woodpecker/pr/lint-foundkey-js Pipeline was successful Details ci/woodpecker/pr/build Pipeline was successful Details ci/woodpecker/pr/lint-client Pipeline was successful Details ci/woodpecker/pr/lint-sw Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details	2023-06-23 19:53:47 +02:00
Hélène	f89a374e5f	BREAKING: activitypub: validate fetch signatures All checks were successful ci/woodpecker/pr/lint-foundkey-js Pipeline was successful Details ci/woodpecker/pr/lint-client Pipeline was successful Details ci/woodpecker/pr/lint-backend Pipeline was successful Details ci/woodpecker/pr/build Pipeline was successful Details ci/woodpecker/pr/lint-sw Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details Enforces HTTP signatures on object fetches, and rejects fetches from blocked instances. This should mean proper and full blocking of remote instances. This is now default behavior, which makes it a breaking change. To disable it (mostly for development purposes), "meta"."allowUnsignedFetches" can be set to true. It is not the default for development environments as it is important to have as close as possible behavior to real environments for ActivityPub development. Co-authored-by: nullobsi <me@nullob.si> Co-authored-by: Norm <normandy@biribiri.dev> Changelog: Added	2023-06-23 16:30:09 +02:00