🚨 ActivityPub Client and C2S Support

If you read that and you have any influence in the development of Fediverse projects please make sure the CORS headers for the following endpoints are set to \*.

* /.well-known/webfinger (needed to fetch account information)
* /.well-known/nodeinfo (needed to get information what sofware the instance runs)
* The outbox endpoint to get posts and all referenced endpoints to be able to access public content from web

/cc @fediforum @fediverse @fediversenews

  • smallcircles
    2·
    2 years ago

    For readers the follow-up to the same toot is relevant as well. First reply is “Don’t do this”.

      • smallcircles
        3·
        2 years ago

        Ah, that is due to the particular app that is being used, called Bovine. @helge@mymath.rocks (also not directly browser-accessible) wrote:

        🚨🚨🚨 DON’T! This suggestion leads to Spaghetti Architecture.

        First, Client to Server specifies how to one client talks to one server. This change is about one Client (in a browser) talking to a lot of servers, breaking the Servers talk to Servers, a Client talks to the Server it’s a client of, pattern.

        Second, this change allows clients (in browsers) to circumvent blocking. If you block a server domain, you don’t want the clients to fallback to getting the information directly from you.

        So please, do not implement this change; and if you have this type of CORS header set, consider removing them.

        Top-level toot: https://social.oberhauser.space/@obale/110058041568721745

        • Helge@mymath.rocks
          1·
          2 years ago

          Hmm … I should probably display a html page that explains how to open the object using your ActivityPub server. So for example on Mastodon you should be able to search for the link.

          I also admit that the entire thing is probably more experimental than it should be. As I stated many times, there are many issues to address if one wants better ActivityPub implementations.

            • helgeEnglish
              1·
              2 years ago

              Not sure, I just created a Lemmy account to find out and I don’t see an option.

              I now want to mention @nutomic in this reply and ask if such a feature exists or is on their roadmap. Unfortunately, I also don’t see how to do mentions on Lemmy.