Closed snarfed closed 1 year ago
I suspect a www.jvt.me vs jvt.me bug somewhere in BF. ☹️
Interestingly, this might be Follow/Accept specific. Mastodon has accepted at least one of our signatures for a www.jvt.me Like activity: https://fed.brid.gy/log?key=https%3A%2F%2Fwww.jvt.me%2Fmf2%2F2022%2F11%2Fbdk3t%2F+https%3A%2F%2Findieweb.social%2F%40tchambers%2F109243684867780200&start_time=1667671212
I 2022-11-05 17:59:26.777305+00:00 Sending AP request from www.jvt.me: {
"id": "https://fed.brid.gy/r/https://www.jvt.me/mf2/2022/11/bdk3t/",
"published": "2022-11-05T14:39:47Z",
"summary": "Liked a post on indieweb.social by\u00a0Tim Chambers\u00a0 Post detailsWelcome to the 22 new users to this instance TONIGHT, and & for many of you, welcome to the #Mastodon & the #Fediverse. Promise this will be different than Twitter for those of you migrating on the \u2026(https://indieweb.social/@tchambers/109243684867780200)",
"url": "https://fed.brid.gy/r/https://www.jvt.me/mf2/2022/11/bdk3t/",
"@context": "https://www.w3.org/ns/activitystreams",
"type": "Like",
"object": "https://indieweb.social/users/tchambers/statuses/109243684867780200",
"..."
}
I 2022-11-05 17:59:27.056943+00:00 requests.post https://indieweb.social/users/tchambers/inbox {'gateway': True, 'data': b'{"id":"https://fed.brid.gy/r/https://www.jvt.me/mf2/2022/11/bdk3t/","published":"2022-11-05T14:39:47Z","summary":"Liked a post on indieweb.social by\\u00a0Tim Chambers\\u00a0 Post detailsWelcome to the 22 new users to this instance TONIGHT, and & for many of you, welcome to the #Mastodon & the #Fediverse. Promise this will be different than Twitter for those of you migrating on the \\u2026(https://indieweb.social/@tchambers/109243684867780200)","url":"https://fed.brid.gy/r/https://www.jvt.me/mf2/2022/11/bdk3t/","actor":{"url":"https://fed.brid.gy/r/https://www.jvt.me","type":"Person","name":"Jamie Tanna","image":[{"url":"https://www.jvt.me/img/profile.png","type":"Image","name":"Jamie Tanna\'s profile image"}],"icon":[{"url":"https://www.jvt.me/img/profile.png","type":"Image","name":"Jamie Tanna\'s profile image"}],"id":"https://fed.brid.gy/www.jvt.me","preferredUsername":"www.jvt.me"},"@context":"https://www.w3.org/ns/activitystreams","type":"Like","object":"https://indieweb.social/users/tchambers/statuses/109243684867780200","cc":["https://www.w3.org/ns/activitystreams#Public","https://indieweb.social/users/tchambers","https://indieweb.social/users/tchambers/followers"]}', 'auth': <httpsig.requests_auth.HTTPSignatureAuth object at 0x3e5655aaa190>, 'headers': {'Content-Type': '...', 'Date': '...', 'Digest': '...', 'Host': '...'}}
I 2022-11-05 17:59:37.310606+00:00 Received 202
Is this related to Bridgy Fed constructing the HTTP signature, or the other Mastodon server?
If it's Bridgy Fed, it may be related to an issue I've seen at `$previousJob` that may explain why it's just me seeing it so far.
The issue was where the querystring that is given to AWS Lambda (which I'm using for my redirects) isn't the same as the querystring that's being signed, so the solution we had was to make sure that the signature generation always uses an alphabetically-sorted set of querystring params, rather than in the order they come in.
May not actually be the case, but thought I'd share!
I see a `tag:fed.brid.gy:accept/jvt.me/` with only the short URL, not the `www.`, could also be related?
Thanks for the ideas! There's no query string in these inbox URLs, and the JSON body is serialized and that same string is used for both the signature and the HTTP request. More importantly, Mastodon is accepting our signatures for other `Accept`s and our signature for your `Create` activity, examples above.
~The `tag` is possible, but I also suspect this, since `domain_from_link` strips `www`:~
Edit: never mind, that's the destination inbox, which isn't on www.jvt.me. Ignore that.
Ideally, I'd always drop `www.`, for all users, everywhere, but I'd need to think through the UX first.
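The two signing points raised earlier in this thread (sign a sorted query string so reordering in transit is harmless, and sign the exact serialized body bytes that are sent), as an added example that is not Bridgy Fed's code or any participant's. HMAC-SHA256 from the standard library stands in for the RSA keys Mastodon uses; the key, URLs, date and activity are constructed, and `canonical_target`, `sign` and `verify` are hypothetical helper names.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qsl, urlencode, urlsplit

KEY = b"constructed-demo-key"  # constructed; real ActivityPub signatures use RSA


def canonical_target(url):
    """Path plus query with parameters sorted alphabetically."""
    parts = urlsplit(url)
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    return parts.path + ("?" + query if query else "")


def digest_header(body: bytes) -> str:
    """Digest header value over the exact bytes that go on the wire."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()


def sign(method, url, host, date, body, canonical=True):
    parts = urlsplit(url)
    raw = parts.path + ("?" + parts.query if parts.query else "")
    target = canonical_target(url) if canonical else raw
    signing_string = "\n".join([
        f"(request-target): {method.lower()} {target}",
        f"host: {host}",
        f"date: {date}",
        f"digest: {digest_header(body)}",
    ])
    mac = hmac.new(KEY, signing_string.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def verify(signature, method, url, host, date, body, canonical=True):
    """Recompute the signature from what the receiver sees and compare."""
    expected = sign(method, url, host, date, body, canonical)
    return hmac.compare_digest(signature, expected)


# Constructed sample request.
HOST = "example.org"
DATE = "Sat, 05 Nov 2022 17:59:27 GMT"
ACTIVITY = {"type": "Like", "object": "https://example.org/statuses/1"}
BODY = json.dumps(ACTIVITY).encode()        # serialized once, signed and sent as-is
SENT = "https://example.org/inbox?b=2&a=1"  # URL as the sender built it
SEEN = "https://example.org/inbox?a=1&b=2"  # same params, reordered by an intermediary

if __name__ == "__main__":
    naive = sign("POST", SENT, HOST, DATE, BODY, canonical=False)
    print("raw query order verifies:", verify(naive, "POST", SEEN, HOST, DATE, BODY, canonical=False))
    print("sorted query verifies:", verify(sign("POST", SENT, HOST, DATE, BODY), "POST", SEEN, HOST, DATE, BODY))
```
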
Would that mean I'd need to ask people to follow @jvt.me@jvt.me
in that case?
Yes, but there may be valid UX needs for some people who want www vs non-www. No decisions or changes here yet on my part, initial step here is just to get www.jvt.me working as is.
Fixed! Will attach the commit here soon.
Woop, I can see in the indieweb.social UI that I've been able to follow
@jamietanna congrats and condolences, your site managed to hit a domain-specific bug that we're not seeing with other users. Mastodon is rejecting our HTTP Signatures for AP activities that we send on your behalf, but it's accepting the same activities for other users. Example, BF replying to @Tymscar's Follow (https://twitter.com/Tymscar/status/1589550831036403713) with Accept: https://fed.brid.gy/log?key=https://fosstodon.org/c129199f-c63d-4a13-8f8f-997e5f8c8984&start_time=1667768647