snarfed / bridgy-fed

🌉 A bridge between decentralized social network protocols
https://fed.brid.gy
Creative Commons Zero v1.0 Universal

Option to hide www subdomain from account identifier #314

Closed aciccarello closed 1 year ago

aciccarello commented 1 year ago

By default a site that is hosted at the common www subdomain has that subdomain propagated to the account name such as @www.example.com@www.example.com. I would like to be able to drop the subdomain for a username like @example.com@example.com

Implementation Thoughts

Related conversations

snarfed commented 1 year ago

The easiest thing to do here would be to do this automatically for all sites that redirect their root domain to www, like https://ciccarello.me does.

Looking at current users, 20 out of 310 total are www subdomains. I expect most of those are inactive, but there are probably some who are active that we'd need to migrate or special case. Doable though!

snarfed commented 1 year ago

@aciccarello if we do this, you'd switch to an entirely new/separate fediverse identity, from @anthony@www.ciccarello.me to @anthony@ciccarello.me. I might be able to migrate some of your followers/following, but no promises, and no posts or other interactions. Would you want that?

tuukka commented 1 year ago

What are the restrictions in general, e.g. can I use @subdomain@domain.example?

snarfed commented 1 year ago

No restrictions right now, you can use any username and domain, as long as you serve the redirects on that domain: https://fed.brid.gy/docs#setup

datakurre commented 1 year ago

No restrictions right now, you can use any username and domain, as long as you serve the redirects on that domain: https://fed.brid.gy/docs#setup

But if I read the code correctly, domain in acct:username@domain must be the same where the h-card is fetched from? https://github.com/snarfed/bridgy-fed/blob/a222d5d1c5744487638f75e62b120d8d361b1726/models.py#L99

I have https://fed.brid.gy/datakurre.pandala.org working properly with acct:datakurre@datakurre.pandala.org, but @tuukka argued that because I also own the domain pandala.org, it would make sense and be simpler for me to have acct:datakurre@pandala.org for any subdomain.pandala.org identity. So that when I make a webmention with source from https://datakurre.pandala.org/, it would trigger delivery with acct:datakurre@pandala.org.

Does that make sense, and how would it be doable? I assume that the domain check is in place to avoid possible impersonation issues.

snarfed commented 1 year ago

Yes! I totally get the desire to use a shorter domain for your fediverse address. And you're right, the current domain check is to prevent impersonation, since eg sillyblog.wordpress.com obviously isn't the same as wordpress.com.

Can you serve the .well-known redirects and a small invisible h-card on pandala.org? That would let you use it as your address.

datakurre commented 1 year ago

@snarfed Yes, https://fed.brid.gy/pandala.org (or https://pandala.org/.well-known/webfinger?resource=acct:datakurre@pandala.org) already shows the desired outcome, but if I change h-card at datakurre.pandala.org to have acct:datakurre@pandala.org instead of acct:datakurre@datakurre.pandala.org, it is no longer accepted and defaults to acct:datakurre.pandala.org@datakurre.pandala.org.

snarfed commented 1 year ago

Right, that's the expected behavior, to prevent impersonation.

datakurre commented 1 year ago

Agreed. But is there a way to make it work?

I just learned that it is possible to define <a class="p-author h-card" href="http://example.com">W. Developer</a> in an h-entry.

I tried that, but not sure if it had any effect https://fed.brid.gy/log?start_time=1669576618&key=http://datakurre.pandala.org/2022/10/collective-bpmproxy/%20https://fosstodon.org/inbox&module=

I was expecting that event to be available at https://fed.brid.gy/user/pandala.org but it was still at https://fed.brid.gy/user/datakurre.pandala.org (well, of course... not sure how this could be done safely)

And then I started wondering if a page could have multiple representative h-cards using URL #fragments, but did not find an answer yet. https://indiewebify.me/validate-h-card does not seem to distinguish by #fragment.

tuukka commented 1 year ago

After https://pandala.org/ has the h-card saying acct:datakurre@pandala.org can be found at https://datakurre.pandala.org/, I think it's safe to let https://datakurre.pandala.org/ post as acct:datakurre@pandala.org. Both domains have made the same claim about where the account can be found.

aciccarello commented 1 year ago

@aciccarello if we do this, you'd switch to an entirely new/separate fediverse identity, from @anthony@www.ciccarello.me to @anthony@ciccarello.me. I might be able to migrate some of your followers/following, but no promises, and no posts or other interactions. Would you want that?

Yes! I'd be happy to try this out if it's implemented. My followers/interactions list is really small so I'm not afraid of losing that. I could even reach out to followers if something breaks.

snarfed commented 1 year ago

@datakurre @tuukka understood! The standard IndieWeb way to say "I own both this page and that page" is bidirectional rel-me links. This is eg how Mastodon currently determines whether to show the web site link in profiles with a green "verified" check. Here's how we crawl those links.

I'm considering the simpler www-specific request here, but I'm reluctant to implement anything more complicated yet, whether via rel-me crawling or anything else. Not a high priority right now.

datakurre commented 1 year ago

@snarfed Thanks for your thoughts! These truly are mostly cosmetic things right now, and there must be more important features in bridgy-fed to prioritize :sweat_smile: I still feel pretty excited about the bridgy-fed approach :+1:

snarfed commented 1 year ago

@jamietanna you're using www.jvt.me as your current fediverse address, right? Any thoughts on this issue and https://github.com/snarfed/bridgy-fed/issues/314#issuecomment-1328141676 ?

snarfed commented 1 year ago

My tentative plan here is to special-case www subdomains. BF will fetch the root domain at signup, and if it redirects to www, it will drop the www from the AP address. I'll also hard code an opt out for @jamietanna (the one other very active www user) until he says he's ok with switching.
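
The checks discussed in this thread, sketched as an added example (not part of the thread and not Bridgy Fed's own code): an h-card's acct: claim is honoured only for the domain that served it, and www is dropped only when the root domain redirects to it. The function names, the redirect table, and accepting a claim on the www-stripped domain are assumptions; the sample data is constructed.

```python
# Added illustration, not Bridgy Fed's code; every name here is hypothetical.
from urllib.parse import urlsplit

# Constructed sample data: final URL reached after fetching each root domain.
REDIRECTS = {
    "https://ciccarello.me/": "https://www.ciccarello.me/",
    "https://jvt.me/": "https://www.jvt.me/",
}
WWW_OPT_OUT = {"www.jvt.me"}  # hard-coded opt-out, as planned in the thread


def address_domain(site_domain, resolve=REDIRECTS.get):
    """Drop 'www.' only if the root domain redirects to the www host."""
    site_domain = site_domain.lower()
    if not site_domain.startswith("www.") or site_domain in WWW_OPT_OUT:
        return site_domain
    root = site_domain[len("www."):]
    final = resolve(f"https://{root}/")  # assumption: returns final URL or None
    if final and urlsplit(final).hostname == site_domain:
        return root
    return site_domain


def fediverse_address(site_domain, hcard_acct=None, resolve=REDIRECTS.get):
    """Return 'user@domain' for a site; ignore h-card claims on other domains."""
    site_domain = site_domain.lower()
    domain = address_domain(site_domain, resolve)
    default = f"{domain}@{domain}"  # fallback seen in the thread: domain@domain
    if not hcard_acct or not hcard_acct.startswith("acct:"):
        return default
    user, _, claimed = hcard_acct[len("acct:"):].lstrip("@").partition("@")
    # Impersonation guard: the claimed domain must be the one that served the
    # h-card (or its www-stripped form), so a subdomain cannot claim its parent.
    if user and claimed.lower() in (site_domain, domain):
        return f"{user}@{domain}"
    return default


if __name__ == "__main__":
    for site, acct in [
        ("datakurre.pandala.org", "acct:datakurre@datakurre.pandala.org"),
        ("datakurre.pandala.org", "acct:datakurre@pandala.org"),
        ("www.ciccarello.me", "acct:anthony@ciccarello.me"),
        ("sillyblog.wordpress.com", "acct:admin@wordpress.com"),
    ]:
        print(site, acct, "->", fediverse_address(site, acct))
```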

snarfed commented 1 year ago

OK, first pass at this is up, it implements the design ^ above. Notably:

jamietanna commented 1 year ago

Sorry I had started a reply to this but didn't send it, yep I'd prefer to stay opted out, thank you ☺

aciccarello commented 1 year ago

@snarfed I've updated ciccarello.me with acct:@anthony@ciccarello.me which bridgy does pick up. Bridgy also sent a webmention for my follow from toot.cafe but that doesn't appear in the bridgy fed count.

snarfed commented 1 year ago

Thanks for the nudge! Looks like a BF bug, I'll look soon.

snarfed commented 1 year ago

Log: https://fed.brid.gy/log?key=7d9f6700-754e-4596-af3f-3f55768c9764&start_time=1670309279

snarfed commented 1 year ago

Thanks again @aciccarello! Fixed.