Up To: [[Part Of::Features]], [[Part Of::Config]]

Defederation, by default, doesn't completely prevent blocked accounts or instances from accessing our instance's content. Authorized fetch is an additional step to prevent scraping or other automated collection of instance data.
== Effects ==
=== Access ===
* The primary effect is to require that the underlying JSON-LD (ActivityPub) representation of server content be requested by a valid ActivityPub Actor that isn't blocked or suspended. Normally this data doesn't require authentication, so even if an instance is blocked/defederated, it can still access instance data with an unauthenticated, anonymous request.
* Statuses and accounts are '''still visible''' to logged-out visitors through the website's HTML pages; only the JSON-LD representation is affected.
=== Caching ===
* A secondary effect is that our instance and other instances can't cache our data as effectively, which requires modestly more networking/compute resources.
== Implementation ==
* Many actions invoke <code>require_account_signature</code> ([https://github.com/NeuromatchAcademy/mastodon/blob/cf9b7e9c62ca94a1f766d76480d4f40a285094a6/app/controllers/concerns/signature_verification.rb#L48 source]), which checks that the request comes from a known account and carries a valid HTTP signature
** Fetching account details like followers/following
** Fetching statuses
** Fetching hashtags
** Fetching replies
* Causes many items not to be cached (they are re-rendered on demand)
* Turns off <code>public_fetch_mode</code> in the ApplicationController ([https://github.com/NeuromatchAcademy/mastodon/blob/cf9b7e9c62ca94a1f766d76480d4f40a285094a6/app/controllers/application_controller.rb#L57 source])
** Causes the <code>public</code> directive in the HTTP <code>Cache-Control</code> header to be replaced with <code>private</code>, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
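The check that <code>require_account_signature</code> stands for, as an added worked example in Ruby (not Mastodon's own code): one function signs a GET the way a federating instance would, and one verifies it the way an authorized-fetch server does before serving JSON-LD. The RSA key, the actor URL in <code>keyId</code>, the in-memory key lookup and the 12-hour freshness window are all constructed assumptions for this example.

```ruby
require 'openssl'
require 'time'

# Constructed stand-ins: a remote actor's keypair and the key lookup a server would
# normally do by fetching the actor document named in keyId (hypothetical URLs).
ACTOR_KEY = OpenSSL::PKey::RSA.new(2048)
KEY_ID = 'https://remote.example/users/alice#main-key'
KNOWN_KEYS = { KEY_ID => ACTOR_KEY.public_key }
REQUIRED_HEADERS = %w[(request-target) host date]
MAX_DATE_SKEW = 12 * 3600 # seconds; freshness window assumed for this example

# Signing string: one "name: value" line per signed header, in the order listed
# in the Signature header's headers= parameter.
def signing_string(verb, path, headers, signed = REQUIRED_HEADERS)
  signed.map do |name|
    next "(request-target): #{verb.downcase} #{path}" if name == '(request-target)'
    value = headers.find { |k, _| k.casecmp?(name) }&.last
    "#{name}: #{value}"
  end.join("\n")
end

# Client side: how a federating instance signs a GET for a JSON-LD resource.
def signed_fetch_headers(verb, host, path, key_id, private_key, date = Time.now.utc.httpdate)
  headers = { 'Host' => host, 'Date' => date }
  raw = private_key.sign(OpenSSL::Digest.new('SHA256'), signing_string(verb, path, headers))
  sig = [raw].pack('m0') # strict base64, no line breaks
  headers['Signature'] = "keyId=\"#{key_id}\",algorithm=\"rsa-sha256\"," \
                         "headers=\"#{REQUIRED_HEADERS.join(' ')}\",signature=\"#{sig}\""
  headers
end

# Server side: the check an authorized-fetch server applies before serving JSON-LD.
# Returns :ok or the reason the request would be refused.
def verify_fetch(verb, path, headers, known_keys, now = Time.now.utc)
  return :missing_signature unless headers['Signature']
  params = headers['Signature'].scan(/(\w+)="([^"]*)"/).to_h
  signed = params['headers'].to_s.split
  return :weak_signature unless (REQUIRED_HEADERS - signed).empty?
  return :unknown_key unless known_keys.key?(params['keyId'])
  begin
    date = Time.httpdate(headers['Date'].to_s)
  rescue ArgumentError
    return :bad_date
  end
  return :stale_date if (now - date).abs > MAX_DATE_SKEW
  key = known_keys[params['keyId']]
  ok = key.verify(OpenSSL::Digest.new('SHA256'), params['signature'].to_s.unpack1('m0'),
                  signing_string(verb, path, headers, signed))
  ok ? :ok : :bad_signature
end
```

An anonymous request (no <code>Signature</code> header), a key the server cannot resolve, a stale <code>Date</code>, or a signature made for a different request target each fail with a distinct reason, which is what turns an unauthenticated scrape into a refused request.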
== Docs ==