go-fed / activity

ActivityStreams & ActivityPub in golang, oh my!
BSD 3-Clause "New" or "Revised" License

Avoid reliance on a dead JSON-LD namespace link #152

Open MrPetovan opened 2 years ago

MrPetovan commented 2 years ago

See https://github.com/friendica/friendica/issues/10740

Copied upstream from https://github.com/superseriousbusiness/gotosocial/issues/240

If https://github.com/mastodon/joinmastodon/issues/148 doesn't get addressed, there is another way to prevent a remote lookup to a dead namespace link which can break federation.

Instead of just

"@context": [
    "http://joinmastodon.org/ns",
    "https://w3id.org/security/v1",
    "https://www.w3.org/ns/activitystreams"
  ],

Safe interoperability solution

you can bring the whole namespace definition in the context array like this:

"@context": [
        "https://www.w3.org/ns/activitystreams",
        "https://w3id.org/security/v1",
        {
            "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",
            "toot": "http://joinmastodon.org/ns#",
            "featured": {
                "@id": "toot:featured",
                "@type": "@id"
            },
            "featuredTags": {
                "@id": "toot:featuredTags",
                "@type": "@id"
            },
            "alsoKnownAs": {
                "@id": "as:alsoKnownAs",
                "@type": "@id"
            },
            "movedTo": {
                "@id": "as:movedTo",
                "@type": "@id"
            },
            "schema": "http://schema.org#",
            "PropertyValue": "schema:PropertyValue",
            "value": "schema:value",
            "IdentityProof": "toot:IdentityProof",
            "discoverable": "toot:discoverable",
            "Device": "toot:Device",
            "Ed25519Signature": "toot:Ed25519Signature",
            "Ed25519Key": "toot:Ed25519Key",
            "Curve25519Key": "toot:Curve25519Key",
            "EncryptedMessage": "toot:EncryptedMessage",
            "publicKeyBase64": "toot:publicKeyBase64",
            "deviceId": "toot:deviceId",
            "claim": {
                "@type": "@id",
                "@id": "toot:claim"
            },
            "fingerprintKey": {
                "@type": "@id",
                "@id": "toot:fingerprintKey"
            },
            "identityKey": {
                "@type": "@id",
                "@id": "toot:identityKey"
            },
            "devices": {
                "@type": "@id",
                "@id": "toot:devices"
            },
            "messageFranking": "toot:messageFranking",
            "messageType": "toot:messageType",
            "cipherText": "toot:cipherText",
            "suspended": "toot:suspended",
            "focalPoint": {
                "@container": "@list",
                "@id": "toot:focalPoint"
            }
        }
    ],

Solution requiring JSON-LD compacting on the receiving end

If this is too verbose for you in every single outgoing message, you can instead declare your namespace like this:

"@context": [
    {
        "toot": "http://joinmastodon.org/ns#"
    },
    "https://w3id.org/security/v1",
    "https://www.w3.org/ns/activitystreams"
  ],

And update every key listed in the above namespace to the corresponding value. "discoverable": false would become "toot:discoverable": false for example. I do not have more information on the more complex declarations but I assume it works the same, just by replacing the key by the @id value.

Thanks to @annando for the technical details.
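The "safe interoperability" rewrite described in the comment above, as an added Go example that is not part of the original issue and is not go-fed code: it drops the bare `http://joinmastodon.org/ns` entry from an outgoing document's `@context` and appends an inline term map last, so a receiver never has to dereference the dead link. The function name `InlineDeadContext`, the three-term `inlineTerms` subset and the sample actor are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// deadNS is the remote context from the issue that no longer serves JSON-LD.
const deadNS = "http://joinmastodon.org/ns"

// inlineTerms is a constructed subset of the issue's term map; a real sender
// would list every extension term it emits.
var inlineTerms = map[string]interface{}{
	"toot":         deadNS + "#",
	"discoverable": "toot:discoverable",
	"featured":     map[string]interface{}{"@id": "toot:featured", "@type": "@id"},
}

// InlineDeadContext drops the bare deadNS entry from @context and appends the
// inline term map last, as in the issue. It reports whether it changed doc.
func InlineDeadContext(doc []byte) ([]byte, bool, error) {
	var obj map[string]interface{}
	if err := json.Unmarshal(doc, &obj); err != nil {
		return nil, false, err
	}
	entries, isList := obj["@context"].([]interface{})
	if !isList && obj["@context"] != nil {
		entries = []interface{}{obj["@context"]} // single string or object form
	}
	kept := make([]interface{}, 0, len(entries)+1)
	for _, e := range entries {
		if s, ok := e.(string); !ok || s != deadNS {
			kept = append(kept, e)
		}
	}
	if len(kept) == len(entries) {
		return doc, false, nil // nothing referenced the dead link
	}
	obj["@context"] = append(kept, inlineTerms)
	out, err := json.Marshal(obj)
	return out, true, err
}

func main() {
	// Constructed sample actor, not taken from the issue.
	in := []byte(`{"@context":["http://joinmastodon.org/ns","https://www.w3.org/ns/activitystreams"],"type":"Person","discoverable":false}`)
	out, changed, err := InlineDeadContext(in)
	fmt.Println(string(out), changed, err)
}
```

Because the function re-serialises the document, it has to run before the body digest and HTTP signature are computed.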

cjslep commented 2 years ago

Thanks for taking the time to track this down! I see the root problem is still open -- does that mean mastodon is still serving HTML-only pages?

MrPetovan commented 2 years ago

Very much so, I'm afraid: http://joinmastodon.org/ns

MrPetovan commented 1 year ago

This is now blocking communication between Friendica and GotoSocial and Owncast, both relying on go-fed.