Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

    • pelespirit@sh.itjust.works
      link
      fedilink
      arrow-up
      3
      arrow-down
      3
      ·
      11 months ago

      Why would they fix it?

      Isn’t that what I’m asking if they fixed, am I not understanding, or are you fucking with me?

      • linearchaos@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        They are assuming that the developers are in on it, you’re assuming the developers are not in on it.

        Realistically, big breaking changes are a source of serious pain for open networks like these. They’re not going to be compelled to fix it until it’s an active problem when there are a lot bigger problems sitting around that are easier to fix.

        • pelespirit@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          Thank you for explaining it, I think you’re right. Not sure why they wouldn’t explain it to me, I can’t read minds and that’s an interesting conversation.

          They’re not going to be compelled to fix it until it’s an active problem when there are a lot bigger problems sitting around that are easier to fix.

          Which is even more reason for all the big instances to not federate, but it’s their choice. All these smaller instance, weekend hobbyists are going to feel the pain. At least meta says they’re going to integrate slowly. We’ll see.

      • poVoq@slrpnk.net
        link
        fedilink
        arrow-up
        6
        arrow-down
        9
        ·
        11 months ago

        Who is they? From the way you wrote it the only “they” would be the “alt right developers” from the headline.