Open ganyuanmen opened 8 months ago
I don't know if this is related, but I'm getting SSL errors when I go to https://nngym.site/u/bookmarks
I am currently seeing connection failure / is the site down?
I haven’t dug in on the Mastodon changes 4.2.3->4.2.7 but I do think Postmarks has not always worked as expected for me with the webfinger lookups. Something for us to look into.
Yes, I turned off the service yesterday, and now it's on.
curl -H 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"' https://nngym.site/u/bookmarks
return:
{ "@context":[ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1" ], "id":"https://nngym.site/u/bookmarks", "type":"Person", "preferredUsername":"bookmarks", "name":"Postmarks", "summary":"An ActivityPub bookmarking and sharing site built with Postmarks", "icon":{ "type":"Image", "mediaType":"image/png?v=1693610556689", "url":"https://cdn.glitch.global/8eaf209c-2fa9-4353-9b99-e8d8f3a5f8d4/postmarks-logo-white-small.png?v=1693610556689" }, "inbox":"https://nngym.site/api/inbox", "outbox":"https://nngym.site/u/bookmarks/outbox", "followers":"https://nngym.site/u/bookmarks/followers", "following":"https://nngym.site/u/bookmarks/following", "publicKey":{ "id":"https://nngym.site/u/bookmarks#main-key", "owner":"https://nngym.site/u/bookmarks", "publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx7k0yVe7FfQqEs8yDBrZ\nbZTTvG2/gaqTNv2zR+mM+dTtCulk6cqT9b2gcHXdhwfEBv4xPGIOpknwsI9n6t8x\nOKsBxXhdSCiRrllFcu4bxo07mGCvfiSeRztz0VXIM8oxQIl1HrKy0tOqmq1Ed2to\nhjsdeTXGLiGcwwtgWCz4Df29Lg/6PIIySnk29EvmIrOjxdp3gXyTfpXsle+6Rr7b\nodF/Sd4vM4yVu82XQXGC1/b7RSPX7uMvJrSeUjSZubmdlZSRr0dqsiaMW4He5tmz\nD6aGu9KBB80R/QLKBZ2Y3wiK8RQvLkOddxvTZk8Ptfrbac0HOZdRWWAuEKpqM8GV\nKFh8uOxlfAhnBMzmk28g++88IvgTAMnHb/ZtcrVY2tG56ZBzVAuGj+MI6D4RJIXQ\nqiTWuKOvS6yKMGK1P+pPqS5g6q2Xb4SwDpMcFfEJtw1/TD7seFZhYDc2tLYGlq9M\nWPNj2I6BKPHghgBoTBt4JC2AufrAhnGftAqBrDp/XoOFCaeX4gyI54mIZPgFA0zD\nmTwEnArABENK6QJ6qWvoBiQ0TPjviSIM81AeZ/ykwd5FbippmYNzXMC63hO2gk2p\ndZUsixYCkhZe8LHEQTbK3LnMw9vOBSYGaL7beA84zS5itV8hD+CYbZvuH0pW3U0E\nbyM2mBg01EkhVwYyiaJ4JycCAwEAAQ==\n-----END PUBLIC KEY-----\n" } }
But,on mastodon4.2.7 can not look up "bookmarks@nngym.site"
.env
PUBLIC_BASE_URL=nngym.site ADMIN_KEY=admin SESSION_SECRET=123456789012345678901234567890ab
Oh my god,
before return profile activity, you must add the following command :
res.setHeader('content-type', 'application/activity+json; charset=utf-8');
the old version of mastodon is not necessary, but the new version of mastodon must do this,This is puzzling.
This makes sense in the context of recent CVEs, thank you @ganyuanmen for identifying it.
Feel free to submit a Pull Request!
I cloned the project, running in the https environment, the website used normally. get:
https://nngym.site/.well-known/webfinger? resource=acct:bookmarks@nngym.site
Return:{ "subject": "acct:bookmarks@nngym.site", "links": [ { "rel": "self", "type": "application/activity+json", "href": "https://nngym.site/u/bookmarks" } ] }
get https://nngym.site/u/bookmarks can returns json results. But in mastodon 4.2.7, I couldn't find bookmarks@nngym.site.