Gregory's Server@t54r4n1 I have a feeling they set up a fedi server specifically to get around authorized fetch issues
|
10 comments
 @liaizon fwiw, authorized fetch is only going to stop another signed activitypub request if you have the domain suspended or operate on an allow list. Any legitimate AP request that is signed will go through otherwise. I feel like they are pulling from mastodon.social's API streaming endpoint. So posts that end up on m.s' federated timeline are going to end up on there  so now that Jimmy jumped in thread and I had a quick look at his masto.soc profile, it looks like they are indeed implementing activitypub - https://mastodon.social/@jsecretan/with_replies - so, defederating from maven.ly should help; looks like they're currently using staging.maven.ly (see test account https://staging.maven.ly/mastodon/actor/1 )but blocking the TLD is deffo the move imho  @liaizon @djsundog @t54r4n1 authorized fetch isn't meant to block a fedi server from federating. It's only when you blocked a server that authorized fetch comes into action. Some details here: https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/ |
@djsundog @t54r4n1 wait so you had AUTHORIZED FETCH turned on that they still got all your shit?