- Issue created by @kinetix242
- 🇧🇪Belgium swentel
It doesn't ring a bell, so yes, we might miss something here, although I have no idea what this Authorized Fetch Mode means exactly.
Is there any documentation about this somewhere that you know of? I hope we're able to use the Nodeinfo of the pleroma instance to figure out that also GET requests to a user to fetch the AP information needs to be signed (hopefully also just like we're already signing outbox requests).
- 🇨🇦Canada kinetix242
Some info on it: https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/
I am curious if my Activitypub settings could cause the problem - I have the site-wide user set to 0, which I might have accidentally done, but I haven't seen information / documentation on what the value should be.
- 🇨🇦Canada kinetix242
I'll just add that I've created a separate user for Activitypub, changed the site-wide user to that user ID (5), and ensured that authenticated users can publish to the site-wide actor.
Same result when trying to do the follow from the Akkoma instance.
I hope my additional comments are somewhat helpful. Please let me know if there's more I can do.
- 🇧🇪Belgium swentel
Ok, that post is good enough to dive into it as it has links to issues/code/documentation so I can figure out.
As far as I can see, this isn't necessarily part of the ActivityPub protocol, but I guess it can't hurt to enable this.
- 🇨🇦Canada kinetix242
I don't know if this will be at all helpful about the topic, but it looks like there's a draft report for "ActivityPub and HTTP Signatures" at https://swicg.github.io/activitypub-http-signature/#survey-of-standards-...
I apologise for the noise if this isn't helpful.