Open jernst opened 6 months ago
Possibly related...
https://www.rfc-editor.org/rfc/rfc7033
If the query target contains a "host" portion (Section 3.2.2 of RFC 3986), then the host to which the WebFinger query is issued SHOULD be the same as the "host" portion of the query target, unless the client receives instructions through some out-of-band mechanism to send the query to another host.
This is SHOULD and not a MUST. I haven't seen this enforced in a Fediverse context but a related test might highlight where it is validated (other than returning 404).
This appears to be a MUST requirement on the client: accept it, although the server is discouraged from doing so (SHOULD).
I interpreted “the host to which the WebFinger query is issued SHOULD …” as referring to the client since the server doesn’t issue queries. The server role seems to be related to possibly sending “out-of-band” instructions, whatever that means.
Or maybe the “out-of-band” means completely outside the scope of WebFinger (not even the WF server/resource)?
Use case: fallback Webfinger, similar to what Mozilla did back in the day with Persona: if you can't find a webfinger endpoint, go to a globally well-known fallback endpoint which fills in before the real site implements things (if they ever will).
E.g. @user@a.example resolves to https://b.example.com/otheruser.
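A sketch of the kind of test check discussed in this thread, added here as an example and not taken from any participant or from an existing test suite: it compares the host a WebFinger query was sent to with the "host" portion of the query target (RFC 7033, Section 4), and separately notes a "self" link on a different host. The function names, finding labels and the sample JRD are hypothetical, and flagging a cross-host "self" link is an assumption about what a test might report, not an RFC requirement.

```python
from typing import List, Optional
from urllib.parse import urlsplit


def target_host(resource: str) -> Optional[str]:
    """Return the lowercased "host" portion of a WebFinger query target, or None."""
    if resource.startswith("@"):
        # Fediverse handle form (@user@host) -> acct: URI
        resource = "acct:" + resource[1:]
    parts = urlsplit(resource)
    if parts.scheme == "acct":
        # acct:user@host : the host follows the last "@"
        user, sep, host = parts.path.rpartition("@")
        return host.lower() if sep and user and host else None
    return parts.hostname  # lowercased by urlsplit; None when there is no host


def check_lookup(resource: str, queried_host: str, jrd: dict) -> List[str]:
    """Classify one lookup; queried_host is the host (no port) the query went to."""
    findings = []
    expected = target_host(resource)
    if expected is None:
        findings.append("no-host-in-target")  # the SHOULD does not apply
    elif queried_host.lower() != expected:
        # Acceptable only if the client had out-of-band instructions
        findings.append("query-host-differs")
    # Separate observation (assumed test policy): "self" link on another host
    for link in jrd.get("links", []):
        if link.get("rel") == "self":
            href_host = urlsplit(link.get("href", "")).hostname
            if expected and href_host != expected:
                findings.append("self-link-on-other-host:%s" % href_host)
    return findings


# Constructed sample matching the thread's example (not a captured response)
SAMPLE_JRD = {
    "subject": "acct:user@a.example",
    "links": [{"rel": "self", "type": "application/activity+json",
               "href": "https://b.example.com/otheruser"}],
}

if __name__ == "__main__":
    print(check_lookup("@user@a.example", "a.example", SAMPLE_JRD))
    print(check_lookup("@user@a.example", "fallback.example", SAMPLE_JRD))
```
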