58c0ac6c89
@Oneric explained: > Spec says query params must be included in the signature; Mastodon > being Mastodon used to always exclude it though and for > compatibility everyone followed this. At some point GtS decided to > follow spec instead which caused interop issues, but succeeded in > getting Mastodon (and others like *oma) to accept incoming requests > with (and also still without) query params though outgoing requests > remaing query-param-free. Some still only accept query-param-less > requests though and GtS uses a retry mechanism to resend any request > failing with 401 with an query-parama-less signature once. (Also > see: > https://docs.gotosocial.org/en/latest/federation/http_signatures/ ) > > So for incoming requests both versions need to be checked. For > outgoing requests, unless you want to jump through retry hoops like > GtS, omitting query-params is the safer bet for now (presumably this > will only change if Mastodon ever decides to send out requests > signed with query params) |
||
|---|---|---|
| .. | ||
| api | ||
| assets | ||
| oauth | ||
| web | ||
| ActivityPubServerService.ts | ||
| FileServerService.ts | ||
| HealthServerService.ts | ||
| NodeinfoServerService.ts | ||
| ServerModule.ts | ||
| ServerService.ts | ||
| SkRateLimiterService.md | ||
| SkRateLimiterService.ts | ||
| WellKnownServerService.ts | ||