Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • 0x1C3B00DA@kbin.social
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    11 months ago

    Sure, but that’s already solved on the fediverse by using HTTP Signatures and isn’t related to Authorized Fetch.

    • heavy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.