Allow list federation behavior
Uncategorized
3
Beiträge
2
Kommentatoren
15
Aufrufe
-
Hi,
I just installed a free trial test forum at https://testff.nodebb.com and am excited about this forum software.
I experienced some unexpected (to me) behavior when using limited federation mode aka. the allow list.
Apparently all other servers are muted one side, but not blocked.
Meaning: Everybody in the Fediverse can see this topic: https://testff.nodebb.com/post/1 They can reply to it and see everybody's replies, but from the forum itself only replies by users on the allowlisted instances are visible.Is this intentional, or did I do something wrong?
-
Hi,
I just installed a free trial test forum at https://testff.nodebb.com and am excited about this forum software.
I experienced some unexpected (to me) behavior when using limited federation mode aka. the allow list.
Apparently all other servers are muted one side, but not blocked.
Meaning: Everybody in the Fediverse can see this topic: https://testff.nodebb.com/post/1 They can reply to it and see everybody's replies, but from the forum itself only replies by users on the allowlisted instances are visible.Is this intentional, or did I do something wrong?
Hi PaulaToThePeople! The allow/deny list functionality was something that jdp23@neuromatch.social requested, but I will fully admit that it is not fleshed out as well as could be.
Currently the allow/deny list behaviour simply checks the incoming activities for matching domains, and refuses to parse them if so; when using it as an allow-list, then only matching domains are let through.
It does mean that right now anybody on the fediverse can request and see content, so that needs to be fixed up.
Thanks for letting me know!
AP allow/deny list should deny read access to local content unless verified · Issue #13460 · NodeBB/NodeBB
New middleware needs to be added to validate incoming requests by HTTP signature for all AP resources.
GitHub (github.com)
-
S support@community.nodebb.org shared this topic
-
Okay, thanks. Then I guess I'll just have to wait.
