- cross-posted to:
- fediverse@kbin.social
- fediverse@lemmy.ml
- cross-posted to:
- fediverse@kbin.social
- fediverse@lemmy.ml
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Sure, but that’s already solved on the fediverse by using HTTP Signatures and isn’t related to Authorized Fetch.
I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.