snarfed / bridgy-fed

🌉 A bridge between decentralized social network protocols
https://fed.brid.gy
Creative Commons Zero v1.0 Universal

Mastodon is rejecting our signatures for www.jvt.me #267

Closed snarfed closed 1 year ago

snarfed commented 1 year ago

@jamietanna congrats and condolences, your site managed to hit a domain-specific bug that we're not seeing with other users. Mastodon is rejecting our HTTP Signatures for AP activities that we send on your behalf, but it's accepting the same activities for other users. Example, BF replying to @Tymscar's Follow (https://twitter.com/Tymscar/status/1589550831036403713) with Accept: https://fed.brid.gy/log?key=https://fosstodon.org/c129199f-c63d-4a13-8f8f-997e5f8c8984&start_time=1667768647

I 2022-11-06 21:04:53.112473+00:00 new Follower for jvt.me https://fosstodon.org/users/Tymscar
I 2022-11-06 21:04:53.237011+00:00 Sending AP request from jvt.me: {
  "@context": "https://www.w3.org/ns/activitystreams",
  "id": "tag:fed.brid.gy:accept/jvt.me/https://fosstodon.org/c129199f-c63d-4a13-8f8f-997e5f8c8984",
  "type": "Accept",
  "actor": "https://fed.brid.gy/www.jvt.me",
  "object": {
    "type": "Follow",
    "actor": "https://fosstodon.org/users/Tymscar",
    "object": "https://fed.brid.gy/www.jvt.me"
  }
}
I 2022-11-06 21:04:53.645525+00:00 requests.post https://fosstodon.org/users/Tymscar/inbox {'gateway': True, 'data': b'{"@context":"https://www.w3.org/ns/activitystreams","id":"tag:fed.brid.gy:accept/jvt.me/https://fosstodon.org/c129199f-c63d-4a13-8f8f-997e5f8c8984","type":"Accept","actor":"https://fed.brid.gy/www.jvt.me","object":{"type":"Follow","actor":"https://fosstodon.org/users/Tymscar","object":"https://fed.brid.gy/www.jvt.me"}}', 'auth': <httpsig.requests_auth.HTTPSignatureAuth object at 0x3e03a24f4f70>, 'headers': {'Content-Type': '...', 'Date': '...', 'Digest': '...', 'Host': '...'}}
I 2022-11-06 21:05:04.589976+00:00 Received 401: Verification failed for www.jvt.me@www.jvt.me https://fed.brid.gy/www.jvt.me using rsa-sha256 (RSASSA-PKCS1-v1_5 with SHA-256)
snarfed commented 1 year ago

I suspect a www.jvt.me vs jvt.me bug somewhere in BF. ☹️

snarfed commented 1 year ago

Interestingly, this might be Follow/Accept specific. Mastodon has accepted at least one of our signatures for a www.jvt.me Like activity: https://fed.brid.gy/log?key=https%3A%2F%2Fwww.jvt.me%2Fmf2%2F2022%2F11%2Fbdk3t%2F+https%3A%2F%2Findieweb.social%2F%40tchambers%2F109243684867780200&start_time=1667671212

I 2022-11-05 17:59:26.777305+00:00 Sending AP request from www.jvt.me: {
  "id": "https://fed.brid.gy/r/https://www.jvt.me/mf2/2022/11/bdk3t/",
  "published": "2022-11-05T14:39:47Z",
  "summary": "Liked a post on indieweb.social by\u00a0Tim Chambers\u00a0 Post detailsWelcome to the 22 new users to this instance TONIGHT, and & for many of you, welcome to the #Mastodon & the #Fediverse. Promise this will be different than Twitter for those of you migrating on the \u2026(https://indieweb.social/@tchambers/109243684867780200)",
  "url": "https://fed.brid.gy/r/https://www.jvt.me/mf2/2022/11/bdk3t/",
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Like",
  "object": "https://indieweb.social/users/tchambers/statuses/109243684867780200",
  "..."
}
I 2022-11-05 17:59:27.056943+00:00 requests.post https://indieweb.social/users/tchambers/inbox {'gateway': True, 'data': b'{"id":"https://fed.brid.gy/r/https://www.jvt.me/mf2/2022/11/bdk3t/","published":"2022-11-05T14:39:47Z","summary":"Liked a post on indieweb.social by\\u00a0Tim Chambers\\u00a0 Post detailsWelcome to the 22 new users to this instance TONIGHT, and & for many of you, welcome to the #Mastodon & the #Fediverse. Promise this will be different than Twitter for those of you migrating on the \\u2026(https://indieweb.social/@tchambers/109243684867780200)","url":"https://fed.brid.gy/r/https://www.jvt.me/mf2/2022/11/bdk3t/","actor":{"url":"https://fed.brid.gy/r/https://www.jvt.me","type":"Person","name":"Jamie Tanna","image":[{"url":"https://www.jvt.me/img/profile.png","type":"Image","name":"Jamie Tanna\'s profile image"}],"icon":[{"url":"https://www.jvt.me/img/profile.png","type":"Image","name":"Jamie Tanna\'s profile image"}],"id":"https://fed.brid.gy/www.jvt.me","preferredUsername":"www.jvt.me"},"@context":"https://www.w3.org/ns/activitystreams","type":"Like","object":"https://indieweb.social/users/tchambers/statuses/109243684867780200","cc":["https://www.w3.org/ns/activitystreams#Public","https://indieweb.social/users/tchambers","https://indieweb.social/users/tchambers/followers"]}', 'auth': <httpsig.requests_auth.HTTPSignatureAuth object at 0x3e5655aaa190>, 'headers': {'Content-Type': '...', 'Date': '...', 'Digest': '...', 'Host': '...'}}
I 2022-11-05 17:59:37.310606+00:00 Received 202
jamietanna commented 1 year ago

Is this related to Bridgy Fed constructing the HTTP signature, or the other Mastodon server?

If it's Bridgy Fed, it may be related to an issue I've seen at $previousJob that may explain why it's just me seeing it so far.

The issue was where the querystring that is given to AWS Lambda (which I'm using for my redirects) isn't the same as the querystring that's being signed, so the solution we had was to make sure that the signature generation always uses an alphabetically-sorted set of querystring params, rather than in the order they come in.

May not actually be the case, but thought I'd share!

jamietanna commented 1 year ago

I see a tag:fed.brid.gy:accept/jvt.me/ with only the short URL, not the www., could also be related?

snarfed commented 1 year ago

Thanks for the ideas! There's no query string in these inbox URLs, and the JSON body is serialized and that same string is used for both the signature and the HTTP request. More importantly, Mastodon is accepting our signatures for other Accepts and our signature for your Create activity, examples above.

~The tag is possible, but I also suspect this, since domain_from_link strips www:~

https://github.com/snarfed/bridgy-fed/blob/cfb6653d77e0b1c0c507eae18e4a333b4164e6cc/activitypub.py#L76

Edit: never mind, that's the destination inbox, which isn't on www.jvt.me. Ignore that.

Ideally, I'd always drop www., for all users, everywhere, but I'd need to think through the UX first.
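As an added example (not Bridgy Fed's or Mastodon's code) of the checks behind a 401 like the one above: a receiving inbox recomputes the Digest over the bytes it actually received, then fetches the key named by the Signature header's keyId and checks the signing string, so a body re-serialized after signing or a keyId that names a different actor than the one whose key signed both fail. The actor key store, secrets and the use of HMAC in place of rsa-sha256 are constructed stand-ins so this runs with the standard library only.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed key store keyed by keyId: stand-in for the public key a verifier
# fetches from the keyId URL. HMAC secrets replace RSA keys so this runs with
# the standard library (Mastodon itself expects rsa-sha256).
ACTOR_KEYS = {
    "https://fed.brid.gy/www.jvt.me#key": b"constructed-secret-www",
    "https://fed.brid.gy/jvt.me#key": b"constructed-secret-bare",
}
SIGNED_HEADERS = ["(request-target)", "host", "date", "digest"]

def digest_header(body: bytes) -> str:
    # Digest covers the exact bytes put on the wire, not a re-serialization
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_string(method: str, url: str, headers: dict) -> str:
    lines = [f"(request-target): {method.lower()} {urlparse(url).path}"]
    lines += [f"{h}: {headers[h.title()]}" for h in SIGNED_HEADERS[1:]]
    return "\n".join(lines)

def _mac(secret: bytes, method: str, url: str, headers: dict) -> bytes:
    return hmac.new(secret, signing_string(method, url, headers).encode(), hashlib.sha256).digest()

def sign_request(key_id: str, secret: bytes, method: str, url: str, date: str, body: bytes) -> dict:
    headers = {"Host": urlparse(url).netloc, "Date": date, "Digest": digest_header(body)}
    sig = base64.b64encode(_mac(secret, method, url, headers)).decode()
    headers["Signature"] = (f'keyId="{key_id}",algorithm="hmac-sha256",'
                            f'headers="{" ".join(SIGNED_HEADERS)}",signature="{sig}"')
    return headers

def parse_signature(header: str) -> dict:
    # keyId="...",algorithm="...",headers="...",signature="..." -> dict
    return {k.strip(): v.strip().strip('"')
            for k, _, v in (item.partition("=") for item in header.split(","))}

def verify_request(method: str, url: str, headers: dict, body: bytes) -> str:
    """Return 'ok' or the reason a receiving inbox would answer 401."""
    if headers.get("Digest") != digest_header(body):
        return "digest mismatch: signed body differs from the body received"
    sig = parse_signature(headers["Signature"])
    secret = ACTOR_KEYS.get(sig.get("keyId"))
    if secret is None:
        return "unknown keyId: no actor key to verify against"
    if not hmac.compare_digest(_mac(secret, method, url, headers), base64.b64decode(sig["signature"])):
        return "signature mismatch: keyId's key is not the key that signed"
    return "ok"
```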

jamietanna commented 1 year ago

Would that mean I'd need to ask people to follow @jvt.me@jvt.me in that case?

snarfed commented 1 year ago

Yes, but there may be valid UX needs for some people who want www vs non-www. No decisions or changes here yet on my part, initial step here is just to get www.jvt.me working as is.

snarfed commented 1 year ago

Fixed! Will attach the commit here soon.

jamietanna commented 1 year ago

Woop, I can see in the indieweb.social UI that I've been able to follow 👍🏽