ckolderup / postmarks

a single-user bookmarking website designed to live on the Fediverse
https://postmarks.glitch.me
MIT License
459 stars 38 forks

getInboxFromActorProfile fails when remote instance requires HTTP signature on GET #58

Closed: lmorchard closed 10 months ago

lmorchard commented 10 months ago

I tried following my postmarks user from my account @lmorchard@hackers.town and got this error in the log on glitch:

[Image: error from the Glitch log]

The likely culprit is that hackers.town has AUTHORIZED_FETCH enabled as a Mastodon setting.

This means that fetching my actor data without HTTP signature headers in the GET request will result in a 401 Unauthorized status.

https://hackers.town/users/lmorchard.json

FWIW, it worked fine from my @lmorchard@mastodon.social account, where AUTHORIZED_FETCH is not enabled.

ckolderup commented 10 months ago

thanks! I was vaguely aware of this setting but didn't have it on my radar.

lmorchard commented 10 months ago

It's been a gotcha in a few of my tinkery projects, too! Not sure it's a super-common setting enabled out there, but more of the privacy & security & moderation sensitive instances have switched it on.

pburke commented 10 months ago

I am experiencing this issue also.

@ckolderup, let me know if you would be open to contributions. It seems like a portion of the signAndSend() function could be extracted into a new signedFetch() utility function which could be used to sign the GET request. I have time to get started on a PR if that would be helpful!

ckolderup commented 10 months ago

@pburke my only hesitation is that the code is such a mess, but if you're willing to help out, I definitely won't turn it down. Up until this point I've been coding in "just get it working" mode so some refactoring is definitely overdue. Thanks!

pburke commented 10 months ago

@ckolderup I'll take a crack at it soon and report back!

lmorchard commented 10 months ago

Woo! 🎉 Also, can confirm that this fix worked for me after importing an update to my glitch project!
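
The signed GET discussed in this thread, as an added example that is not part of the issue or of the postmarks code base: it builds the draft-cavage HTTP Signature headers (the scheme Mastodon uses) for an actor fetch and runs the receiving side's check against them. The function names, the 5-minute date window, the throwaway key pair and the `postmarks.example` keyId are assumptions made for this sketch; a real server fetches the public key from the keyId URL instead of receiving it as an argument.

```javascript
const crypto = require('crypto');
const MAX_SKEW_MS = 5 * 60 * 1000; // replay window, an assumed value for this sketch

// Client side: headers for a signed GET. keyId is the URL of the local actor's public key.
function signedGetHeaders(url, keyId, privateKey, date = new Date()) {
  const { host, pathname, search } = new URL(url);
  const dateHeader = date.toUTCString();
  // A GET has no body, so there is no Digest: sign request-target, host and date.
  const signingString = [
    `(request-target): get ${pathname}${search}`,
    `host: ${host}`,
    `date: ${dateHeader}`,
  ].join('\n');
  const sig = crypto.sign('sha256', Buffer.from(signingString), privateKey).toString('base64');
  return {
    Host: host,
    Date: dateHeader,
    Accept: 'application/activity+json',
    Signature: `keyId="${keyId}",algorithm="rsa-sha256",headers="(request-target) host date",signature="${sig}"`,
  };
}

// Server side: the check an instance that requires signed fetches performs.
function verifySignedGet(path, headers, publicKey, now = new Date()) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  if (!h.signature) return 401; // the unsigned fetch from the issue ends here
  const p = Object.fromEntries([...h.signature.matchAll(/(\w+)="([^"]*)"/g)].map((m) => [m[1], m[2]]));
  const covered = (p.headers || '').split(' ');
  // Refuse signatures that do not bind the path, the host and a fresh date.
  if (!['(request-target)', 'host', 'date'].every((n) => covered.includes(n))) return 401;
  if (!(Math.abs(now - Date.parse(h.date)) <= MAX_SKEW_MS)) return 401;
  const signingString = covered
    .map((n) => (n === '(request-target)' ? `${n}: get ${path}` : `${n}: ${h[n]}`))
    .join('\n');
  const ok = crypto.verify('sha256', Buffer.from(signingString), publicKey, Buffer.from(p.signature || '', 'base64'));
  return ok ? 200 : 401;
}

// Constructed demo: throwaway key pair, placeholder keyId, actor URL from the issue.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = new Date();
  const headers = signedGetHeaders('https://hackers.town/users/lmorchard.json',
    'https://postmarks.example/u/bookmarks#main-key', privateKey, now);
  return {
    signed: verifySignedGet('/users/lmorchard.json', headers, publicKey, now),
    unsigned: verifySignedGet('/users/lmorchard.json', { Accept: headers.Accept }, publicKey, now),
    wrongPath: verifySignedGet('/users/other.json', headers, publicKey, now),
  };
}
```

The `Host` and `Date` values that are signed must be the ones actually sent on the wire, otherwise the remote instance rebuilds a different signing string and answers 401.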