Authorized Fetch
Authorized Fetch | |
---|---|
Description | Prevents unauthorized access to instance content |
Env Variable | AUTHORIZED_FETCH |
Default | false |
Current Value | false |
Related To | Defederated Instances, Federation Abuse Policy, Moderation |
Docs | https://docs.joinmastodon.org/admin/config/#authorized fetch |
Defederation, by default, doesn't completely prevent blocked accounts or instances from accessing our instance's content. Authorized fetch is an additional step to prevent scraping or other automated collection of instance data.
Effects
Access
- The primary effect is to require the underlying JSON-LD, ActivityPub representation of server content be requested by a valid ActivityPub Actor (that isn't blocked or suspended). Typically this data doesn't require authentication, so even if an instance is blocked/defederated, they can still access instance data with an unauthenticated, anonymous request.
- Statuses and accounts are still visible via manual HTTP/HTML access through the website to people who are logged out, only the JSON-LD representation is affected.
Caching
- A secondary effect is that ours and other instances can't cache our data as effectively, which requires modestly more networking/compute resources.
Implementation
- Many actions invoke
require_account_signature
(source), which checks that the request comes from an account, accompanied by a valid signature- Fetching account details like followers/following
- Fetching statuses
- Fetching hashtags
- Fetching replies
- Causes many items not to be cached (re-served on demand)
- Turns off
public_fetch_mode
in the ApplicationController (source)- Causes the "public" setting to be turned into
private
in HTTP cache-control flags, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
- Causes the "public" setting to be turned into
Docs
https://docs.joinmastodon.org/admin/config/#authorized_fetch
Also called “secure mode”. When set to true, the following changes occur:
- Mastodon will stop generating linked-data signatures for public posts, which prevents them from being re-distributed efficiently but without precise control. Since a linked-data object with a signature is entirely self-contained, it can be passed around without making extra requests to the server where it originates.
- Mastodon will require HTTP signature authentication on ActivityPub representations of public posts and profiles, which are normally available without any authentication. Profiles will only return barebones technical information when no authentication is supplied.
As a result, through the authentication mechanism and avoiding re-distribution mechanisms that do not have your server in the loop, it becomes possible to enforce who can and cannot retrieve even public content from your server, e.g. servers whose domains you have blocked.