- cross-posted to:
- privacy
- fediverse@kbin.social
- fediverse@lemmy.world
- cross-posted to:
- privacy
- fediverse@kbin.social
- fediverse@lemmy.world
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
A thread linking to the blog post where they bragged about it.