Labels Milestones

New Pull Request

[wip] use Authorized fetch #723

Open

epsilon-phase wants to merge 2 commits from epsilon-phase/authorized-fetch into master

pull from: epsilon-phase/authorized-fetch

merge into: Plume:master

Plume:DearRude/force-lang

Plume:RAOF/fix-arm64-build

Plume:better-caching

Plume:bidi-md

Plume:clippy

Plume:dir-safestring

Plume:drone-ci

Plume:feature/ldap

Plume:fix-mobile-margin

Plume:floreal/translations-update

Plume:gh-pr-818

Plume:go/async

Plume:igalic/feat/custom-fairing-domains

Plume:igalic/fix/cargo-release-helper

Plume:igalic/go/async-all-mut

Plume:ignore-journal

Plume:improve-the-editor-once-again

Plume:ldap-non-anon

Plume:main

Plume:master

Plume:missing-docs

Plume:remove-dup-images

Plume:test/dotenv_error

Plume:upgrade

Plume:v0.7.0

Conversation 1 Commits 2 Files Changed 3

epsilon-phase commented 2 years ago (Migrated from github.com)

Owner

Many activitypub servers are starting to enable Mastodon style authorized fetch for security reasons. As plume does not sign the user fetches, this means it is not possible to fetch actor information from these servers

The current solution is rather hacky, but it is the best we can figure out without more input and guidance. The ideal solution is to have a quasi actor that can sign these requests and be transparent to the user. As of now it merely fetches the first local user that comes to hand and signs the request with their information.

Many activitypub servers are starting to enable Mastodon style authorized fetch for security reasons. As plume does not sign the user fetches, this means it is not possible to fetch actor information from these servers The current solution is rather hacky, but it is the best we can figure out without more input and guidance. The ideal solution is to have a quasi actor that can sign these requests and be transparent to the user. As of now it merely fetches the first local user that comes to hand and signs the request with their information.

👍 1

codecov[bot] commented 2 years ago (Migrated from github.com)

Owner

Codecov Report

Merging #723 into master will decrease coverage by 0.04%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master     #723      +/-   ##
==========================================
- Coverage   39.13%   39.09%   -0.05%     
==========================================
  Files          73       73              
  Lines        9684     9695      +11     
  Branches     2315     2321       +6     
==========================================
  Hits         3790     3790              
- Misses       4807     4818      +11     
  Partials     1087     1087

# [Codecov](https://codecov.io/gh/Plume-org/Plume/pull/723?src=pr&el=h1) Report > Merging [#723](https://codecov.io/gh/Plume-org/Plume/pull/723?src=pr&el=desc) into [master](https://codecov.io/gh/Plume-org/Plume/commit/f3c05dae62ffe6cf73b74e3cbf7be1116be8760c?src=pr&el=desc) will **decrease** coverage by `0.04%`. > The diff coverage is `0%`. ```diff @@ Coverage Diff @@ ## master #723 +/- ## ========================================== - Coverage 39.13% 39.09% -0.05% ========================================== Files 73 73 Lines 9684 9695 +11 Branches 2315 2321 +6 ========================================== Hits 3790 3790 - Misses 4807 4818 +11 Partials 1087 1087 ```

This pull request is marked as a work in progress. Remove the [wip] prefix from the title when it's ready

This branch is out-of-date with the base branch

Sign in to join this conversation.

Reviewers

Request review

No reviewers

Labels

Apply labels

Clear labels

A: API
Related to the REST API A: Backend
Code running on the server A: Federation
Stuff related to Federation A: Front-End
Related to the front-end A: I18N
Translations, and related code A: Meta
More about project management or code than the project itself A: Security Build
The building, or installation process of Plume C: Bug
Something isn't working C: Discussion
We need to talk C: Enhancement
New feature or request C: Feature
This is a new feature Compatibility
Compatibility with different browsers, readers and OS Dependency
Related to an external package that Plume uses Design
UI/UX related issues and PRs Documentation Good first issue
Good for newcomers Help welcome
Extra attention is needed Mobile
Issues affecting only mobile UX Rendering
How elements're rendered out for the end user S: Blocked
Something else needs to be fixed first S: Duplicate
This issue or pull request already exists S: Incomplete
This PR is not complete yet S: Instance specific
Issues concern a limited number of instances S: Invalid
This doesn't seem right S: Needs Voting/Discussion
Need to be discussed by the community (on Loomio) S: Ready for review
This PR is ready to be reviewed Suggestion
Proposed ideas worth considering S: Voted on Loomio
This is issue has been created after a vote on Loomio S: Wontfix
This will not be worked on

No Label A: API A: Backend A: Federation A: Front-End A: I18N A: Meta A: Security Build C: Bug C: Discussion C: Enhancement C: Feature Compatibility Dependency Design Documentation Good first issue Help welcome Mobile Rendering S: Blocked S: Duplicate S: Incomplete S: Instance specific S: Invalid S: Needs Voting/Discussion S: Ready for review Suggestion S: Voted on Loomio S: Wontfix

Milestone

Set milestone

Clear milestone

No items

No Milestone

Assignees

Assign users

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This pull request currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.