Describe the bug with a clear and concise description of what the bug is.
I'm filing this one as a bug because the behaviour is different from what I can observe from other implementations. Things do seem to work though.
It seems the returned URL from webfinger for rel=self when pointing at a gotosocial instance cannot be retrieved without applying an HTTP signature to the request. Other implementations do not require it and it strikes me as odd that this endpoint would require HTTP signatures since it's not involved in exchanging an activity.
$ curl -X GET -H 'Accept: application/activity+json' 'https://ap.dny.social/users/ohno'
{
"error": "Unauthorized: http request wasn't signed or http signature was invalid"
}
What you expected to happen?
I expected a document showing the inbox, outbox etc.
How to reproduce it?
Use curl against a gotosocial instance to retrieve user info and compare the results to doing the same query against a Pleroma, Mastodon or Honk instance
Anything else we need to know?
Mastodon, Pleroma and Honk do not require any form of HTTP signature to be applied.
I just spotted the comment in the handler for why. I suppose I can see that, though I wonder if some client apps expect to be able to fetch the info and might run into trouble when they can't.
Describe the bug with a clear and concise description of what the bug is.
I'm filing this one as a bug because the behaviour is different from what I can observe from other implementations. Things do seem to work though.
It seems the returned URL from webfinger for
rel=self
when pointing at a gotosocial instance cannot be retrieved without applying an HTTP signature to the request. Other implementations do not require it and it strikes me as odd that this endpoint would require HTTP signatures since it's not involved in exchanging an activity.What's your GoToSocial Version?
0.5.2
GoToSocial Arch
amd64 binary
Browser version
Firefox 107.0 (64-bit)
What happened?
What you expected to happen?
I expected a document showing the inbox, outbox etc.
How to reproduce it?
Use
curl
against a gotosocial instance to retrieve user info and compare the results to doing the same query against a Pleroma, Mastodon or Honk instanceAnything else we need to know?
Mastodon, Pleroma and Honk do not require any form of HTTP signature to be applied.