Lartsch / FediAct

Chrome/Firefox extension that simplifies interactions on other Mastodon instances than your own.
MIT License
459 stars, 15 forks

Spurious popups on sites with /api/ behind HTTP authentication #56

Closed twotwotwo closed 1 year ago

twotwotwo commented 1 year ago

We got a report from a user who was seeing an authentication popup on a site hosted in a product I work on. This turned out to be because of a FediAct request to /api/v1/instance, which triggers our server to request credentials because it starts with /api/. You ought to be able to reproduce by just navigating to https://act.johnfetterman.com/thanks/ .

In my tests, passing credentials: 'omit' option in the fetch call is enough to make a request fail that would otherwise prompt the user.

https://developer.mozilla.org/en-US/docs/Web/API/fetch#:~:text=the%20following%20strings%3A-,omit,-Tells%20browsers%20to

You might also look for signs a site might be Mastodon before making an HTTP request, e.g. check for document.querySelector('#mastodon') && document.querySelector('#initial-state').text.includes('mastodon'), or whether the path contains @ or is one of the core page paths like getting-started. But credentials: 'omit' is the easy step here.
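The two mitigations described in the comment above, as an added example that is not part of the original thread or of FediAct's code: check the page for Mastodon markers before probing at all, and build the `/api/v1/instance` request with `credentials: 'omit'` so that a server protecting `/api/` with HTTP auth answers a plain 401 instead of triggering a browser login prompt. The `#mastodon` / `#initial-state` markers, the `getting-started` path and the `@` handle check come from the comment; the function names, the response classification and the `uri` field check are assumptions made here for illustration. The DOM document and `fetch` stand-ins are constructed so the block runs in Node without a browser.

```javascript
// Added example (not FediAct's own code): probe a page for Mastodon without
// ever letting the browser show an HTTP authentication popup.

// Heuristic from the issue: Mastodon's web UI has an element with id "mastodon"
// and a script with id "initial-state" whose text mentions "mastodon"; profile
// paths contain "@" and core pages look like "/getting-started".
function looksLikeMastodon(doc, pathname) {
  const root = doc.querySelector('#mastodon');
  const state = doc.querySelector('#initial-state');
  const markupHit = Boolean(root && state && typeof state.text === 'string'
    && state.text.includes('mastodon'));
  const pathHit = pathname.includes('@') || pathname.startsWith('/getting-started');
  return markupHit || pathHit;
}

// credentials: 'omit' sends no cookies or HTTP auth and, crucially, makes the
// browser resolve a 401 + WWW-Authenticate response silently instead of
// prompting the user. The request shape is an assumption for this example.
function buildProbeRequest(origin) {
  return {
    url: new URL('/api/v1/instance', origin).toString(),
    init: {
      method: 'GET',
      credentials: 'omit',
      headers: { Accept: 'application/json' },
    },
  };
}

// Classify the probe result. A 401/403 means "/api/ is guarded by something
// else" and is a clean negative, not an error worth retrying.
function classifyProbeResponse(status, contentType, body) {
  if (status === 401 || status === 403) return { mastodon: false, reason: 'auth-required' };
  if (status < 200 || status >= 300) return { mastodon: false, reason: `http-${status}` };
  if (!String(contentType || '').includes('application/json')) return { mastodon: false, reason: 'not-json' };
  // Assumption: a genuine instance document carries a string "uri" field.
  if (!body || typeof body.uri !== 'string') return { mastodon: false, reason: 'not-instance' };
  return { mastodon: true, uri: body.uri };
}

// Glue: probe only when the page looks like Mastodon. fetchImpl is injectable
// so the flow can run outside a browser (hypothetical helper, not an API).
async function probeIfMastodon(doc, location, fetchImpl = globalThis.fetch) {
  if (!looksLikeMastodon(doc, location.pathname)) return { mastodon: false, reason: 'no-markers' };
  const { url, init } = buildProbeRequest(location.origin);
  const res = await fetchImpl(url, init);
  const ct = res.headers.get('content-type');
  let body = null;
  if (res.status >= 200 && res.status < 300 && String(ct || '').includes('application/json')) {
    body = await res.json();
  }
  return classifyProbeResponse(res.status, ct, body);
}

// Constructed stand-ins for a DOM document and for fetch (no network access).
const fakeDoc = (els) => ({ querySelector: (sel) => els[sel] || null });
const fakeFetch = (status, contentType, body) => async () => ({
  status,
  headers: new Map(contentType ? [['content-type', contentType]] : []),
  json: async () => body,
});

// Constructed samples: a plain site whose /api/ is behind HTTP auth, and a
// page carrying Mastodon's markup.
const plainDoc = fakeDoc({});
const mastodonDoc = fakeDoc({
  '#mastodon': {},
  '#initial-state': { text: '{"meta":{"domain":"mastodon.example"}}' },
});

probeIfMastodon(plainDoc, { origin: 'https://site.example', pathname: '/thanks/' },
  fakeFetch(401, 'text/plain', null))
  .then((r) => console.log('plain site:', r));       // no request is made at all
probeIfMastodon(mastodonDoc, { origin: 'https://mastodon.example', pathname: '/home' },
  fakeFetch(200, 'application/json; charset=utf-8', { uri: 'mastodon.example' }))
  .then((r) => console.log('mastodon page:', r));
```

Keeping `looksLikeMastodon`, `buildProbeRequest` and `classifyProbeResponse` as pure functions means the prompt-free request shape and the 401 handling can be unit-tested without a browser; the same split works whether the request is issued from a content script or, as the maintainer did in v0.9.8.7, from the background script.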

Lartsch commented 1 year ago

Hey, thanks for posting this. Did this happen with the latest version too? Because another user reported this like 2 weeks ago, so I moved all requests to the background script which should have fixed it (at least when I have tested it, and said user did not reopen the issue so I guess it worked for him too).

Would be awesome if the user could verify this happens in v0.9.8.7

Cheers

twotwotwo commented 1 year ago

Awesome; I've asked the user to check their current version, update if it's not v0.9.8.7, and try again. I'll let you know what I hear!

twotwotwo commented 1 year ago

User updated and confirmed to me the popup went away--thanks!