Closed lmorchard closed 10 months ago
thanks! I was vaguely aware of this setting but didn't have it on my radar.
It's been a gotcha in a few of my tinkery projects, too! Not sure it's a super-common setting enabled out there, but more of the privacy & security & moderation sensitive instances have switched it on.
I am experiencing this issue also.
@ckolderup, let me know if you would be open to contributions. It seems like a portion of the signAndSend() function could be extracted into a new signedFetch() utility function which could be used to sign the GET request. I have time to get started on a PR if that would be helpful!
@pburke my only hesitation is that the code is such a mess, but if you're willing to help out, I definitely won't turn it down. Up until this point I've been coding in "just get it working" mode so some refactoring is definitely overdue. Thanks!
@ckolderup I'll take a crack at it soon and report back!
Woo! 🎉 Also, can confirm that this fix worked for me after importing an update to my glitch project!
I tried following my postmarks user from my account @lmorchard@hackers.town and got this error in the log on glitch:
The likely culprit is that hackers.town has AUTHORIZED_FETCH enabled as a Mastodon setting. This means that fetching my actor data without HTTP signature headers in the GET request will result in a 401 Unauthorized status.
https://hackers.town/users/lmorchard.json
FWIW, it worked fine from my @lmorchard@mastodon.social account, where AUTHORIZED_FETCH is not enabled.
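
An added example (not part of this thread and not the project's own code) of the signed GET the issue calls for: it builds a draft-cavage HTTP Signatures header (rsa-sha256 over `(request-target)`, `host` and `date`) for an actor fetch, then checks it the way a receiving server would. The function names, the `*.example` URLs, the keyId and the throwaway key pair are assumptions constructed for the demonstration.

```javascript
const crypto = require('node:crypto');

// Throwaway key pair, constructed for this example only.
const KEYS = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

// Build headers for a signed GET. A GET has no body, so there is no Digest
// header; only (request-target), host and date go into the signing string.
function signGetHeaders(url, keyId, privateKeyPem, date = new Date()) {
  const { host, pathname, search } = new URL(url);
  const headers = { Host: host, Date: date.toUTCString(), Accept: 'application/activity+json' };
  const signingString = [
    `(request-target): get ${pathname}${search}`,
    `host: ${headers.Host}`,
    `date: ${headers.Date}`,
  ].join('\n');
  const signature = crypto.createSign('RSA-SHA256').update(signingString).sign(privateKeyPem, 'base64');
  headers.Signature = `keyId="${keyId}",algorithm="rsa-sha256",` +
    `headers="(request-target) host date",signature="${signature}"`;
  return headers;
}

// Receiver side: rebuild the signing string from the request as received.
// A request with no Signature header fails here, which is the 401 case.
function verifyGet(path, headers, publicKeyPem) {
  if (!headers.Signature) return false;
  const params = Object.fromEntries(
    [...headers.Signature.matchAll(/(\w+)="([^"]*)"/g)].map((m) => [m[1], m[2]]));
  if (!params.headers || !params.signature) return false;
  const lower = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const signingString = params.headers.split(' ').map((name) =>
    name === '(request-target)' ? `(request-target): get ${path}` : `${name}: ${lower[name]}`
  ).join('\n');
  return crypto.createVerify('RSA-SHA256').update(signingString)
    .verify(publicKeyPem, params.signature, 'base64');
}

function demo() {
  const keyId = 'https://bot.example/u/bookmarks#main-key'; // constructed
  const headers = signGetHeaders('https://remote.example/users/alice', keyId, KEYS.privateKey);
  return {
    signed: verifyGet('/users/alice', headers, KEYS.publicKey),
    unsigned: verifyGet('/users/alice', { Host: headers.Host, Date: headers.Date }, KEYS.publicKey),
    wrongPath: verifyGet('/users/mallory', headers, KEYS.publicKey),
  };
}
```

The returned headers can be passed as the `headers` option of a `fetch()` call; the remote server resolves the keyId to the requesting actor's public key before running the same check.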