this post was submitted on 20 Mar 2023
10 points (100.0% liked)

🚨 ActivityPub Client and C2S Support

If you read that and you have any influence in the development of Fediverse projects please make sure the CORS headers for the following endpoints are set to \*.

* /.well-known/webfinger (needed to fetch account information)
* /.well-known/nodeinfo (needed to get information about what software the instance runs)
* The outbox endpoint to get posts and all referenced endpoints to be able to access public content from web

/cc @fediforum @fediverse @fediversenews

humanetech@lemmy.ml 2 points 1 year ago (2 children)

For readers the follow-up to the same toot is relevant as well. First reply is "Don't do this".

altair222@beehaw.org 1 points 1 year ago (1 children)
humanetech@lemmy.ml 3 points 1 year ago* (last edited 1 year ago)

Ah, that is due to the particular app that is being used, called Bovine. @helge@mymath.rocks (also not directly browser-accessible) wrote:

🚨🚨🚨 DON'T! This suggestion leads to Spaghetti Architecture.

First, Client to Server specifies how one client talks to one server. This change is about one Client (in a browser) talking to a lot of servers, breaking the Servers talk to Servers, a Client talks to the Server it's a client of, pattern.

Second, this change allows clients (in browsers) to circumvent blocking. If you block a server domain, you don't want the clients to fall back to getting the information directly from you.

So please, do not implement this change; and if you have this type of CORS header set, consider removing them.

Top-level toot: https://social.oberhauser.space/@obale/110058041568721745
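
Added example, not part of the thread and not code from any Fediverse project: a small JavaScript model of the blocking objection quoted above, comparing a server that sends `Access-Control-Allow-Origin: *` on its outbox with one that sends no CORS header. The domains, the `signedBy` field and the assumption that the block is enforced on signed server-to-server fetches are all constructed for illustration.

```javascript
// Constructed model: "blocker.example" has blocked the domain "blocked.example".
const BLOCKED_DOMAINS = new Set(["blocked.example"]);

// Server side. Assumption: the block is applied to server-to-server fetches,
// identified by the domain of the signing key (req.signedBy). Browser requests
// are unsigned and only carry the Origin of whatever web app the user opened.
function handleOutboxRequest(req, corsPolicy) {
  if (req.signedBy && BLOCKED_DOMAINS.has(req.signedBy)) {
    return { status: 403, headers: {}, body: null };
  }
  const headers = {};
  if (corsPolicy === "*") headers["access-control-allow-origin"] = "*";
  return { status: 200, headers, body: { type: "OrderedCollection" } };
}

// Browser side. Page script may read a cross-origin response only when the
// Access-Control-Allow-Origin header is "*" or equals the page's own origin.
function browserCanRead(pageOrigin, response) {
  const acao = response.headers["access-control-allow-origin"];
  return response.status === 200 && (acao === "*" || acao === pageOrigin);
}

// A user of the blocked server opens a browser client hosted on a third
// origin (hypothetical "https://webclient.example") and asks for the outbox.
function scenario(corsPolicy) {
  const s2s = handleOutboxRequest({ signedBy: "blocked.example" }, corsPolicy);
  const browserReq = { origin: "https://webclient.example" };
  const direct = handleOutboxRequest(browserReq, corsPolicy);
  return {
    serverToServerStatus: s2s.status,
    browserClientReads: browserCanRead(browserReq.origin, direct),
  };
}

// With "*", the domain block still answers 403 to the blocked server, but the
// browser client reads the same outbox directly. Without the header, the
// browser refuses to expose the response to the page script.
console.log("wildcard CORS:", scenario("*"));
console.log("no CORS header:", scenario(null));
```

The model covers only reads by script running in a browser, which is the case the quoted reply is about.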