Open ThisIsMissEm opened 6 months ago
I'm a little confused here. If a@a.example
receives a Delete(X)
, presumably the software at a.example
first checks whether it has a copy of X
.
If it doesn't have a copy of X
, nothing happens because there is nothing to delete.
If it does have a copy of X
, it doesn't need to fetch X
because it already has it.
What am I misunderstanding?
Yup, but there's some fediverse software where receiving a Delete(X)
actually triggers a fetch on X
, which should be treated as an error (fediverse software should fetch something when receiving a Delete
, if it doesn't know of that thing)
As the action is to be deleting the data, the object shouldn't be first requested, but you do need to verify that the object is "owned" in some way (i.e., don't allow
Delete(Object)
where theObject.id
is a different server to theDelete
activity's origin.This came up from a discussion with @dansup around how deletes work in pixelfed, where he wasn't sure if it was safe to send a Delete in certain cases due to the remote server potentially first fetching the object it's being told to delete.