Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

FòrumCAT

  1. Home
  2. ActivityPub
  3. Pleroma Webfinger compatibility

Pleroma Webfinger compatibility

Scheduled Pinned Locked Moved ActivityPub
activitypubpleromawebfinger
11 Posts 3 Posters 2 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J This user is from outside of this forum
    J This user is from outside of this forum
    julian@community.nodebb.org
    wrote on 9 May 2025, 14:00 last edited by
    #1

    Does anybody know what exactly Pleroma needs for a valid Webfinger check? I'm attempting to figure out why @jmtd@pleroma.debian.social won't resolve in NodeBB, and it's because the webfinger call returns 400 Bad Request.

    NodeBB is calling https://pleroma.debian.social/.well-known/webfinger?resource=acct%3Ajmtd%40pleroma.debian.social with User-Agent and Content-Type headers (curiously, it's not sending Accept, but it also fails if that header is set, so that's irrelevant.)

    Navigating to that webfinger url in the browser returns XML, which is 😬 but I'm not even getting that when NodeBB makes the call.

    1 Reply Last reply
    1
    0
    • T This user is from outside of this forum
      T This user is from outside of this forum
      thisismissem@hachyderm.io
      wrote on 9 May 2025, 14:20 last edited by
      #2

      @julian fedify manages it, so many take a look at their webfinger implementation?

      1 Reply Last reply
      0
      • T This user is from outside of this forum
        T This user is from outside of this forum
        thisismissem@hachyderm.io
        wrote on 9 May 2025, 14:22 last edited by
        #3

        @julian try sending `Accept: application/jrd+json`

        Since that's the content-type for webfinger, not application/json. In fedify, the fetch call is also with redirect manual, such that max redirection logic and SSRF checks can be done.

        1 Reply Last reply
        0
        • T This user is from outside of this forum
          T This user is from outside of this forum
          thisismissem@hachyderm.io
          wrote on 9 May 2025, 14:23 last edited by
          #4

          @julian oh! it's because you're sending the Content-Type header, send Accept instead.

          T 1 Reply Last reply 9 May 2025, 14:24
          0
          • T thisismissem@hachyderm.io
            9 May 2025, 14:23

            @julian oh! it's because you're sending the Content-Type header, send Accept instead.

            T This user is from outside of this forum
            T This user is from outside of this forum
            thisismissem@hachyderm.io
            wrote on 9 May 2025, 14:24 last edited by
            #5

            @julian which actually makes sense, because with a GET request, you're not sending any request content, and Content-Type applies to the request body, not to the content type you want back.

            J 1 Reply Last reply 9 May 2025, 14:25
            0
            • T thisismissem@hachyderm.io
              9 May 2025, 14:24

              @julian which actually makes sense, because with a GET request, you're not sending any request content, and Content-Type applies to the request body, not to the content type you want back.

              J This user is from outside of this forum
              J This user is from outside of this forum
              julian@community.nodebb.org
              wrote on 9 May 2025, 14:25 last edited by
              #6

              thisismissem@hachyderm.io yeah, I tried sending Accept too, which also fails. Will try the suggested type.

              The library we use just blanket sends content-type because we're usually POSTing haha. Shouldn't hurt to include it, but who knows.

              1 Reply Last reply
              0
              • T This user is from outside of this forum
                T This user is from outside of this forum
                thisismissem@hachyderm.io
                wrote on 9 May 2025, 14:29 last edited by
                #7

                @julian eh? I mean, sure, or just detect whether the request is a GET / HEAD / OPTIONS request, and then don't send the content-type header? (since those methods don't support request bodies iirc)

                J 1 Reply Last reply 9 May 2025, 14:35
                0
                • T thisismissem@hachyderm.io
                  9 May 2025, 14:29

                  @julian eh? I mean, sure, or just detect whether the request is a GET / HEAD / OPTIONS request, and then don't send the content-type header? (since those methods don't support request bodies iirc)

                  J This user is from outside of this forum
                  J This user is from outside of this forum
                  julian@community.nodebb.org
                  wrote on 9 May 2025, 14:35 last edited by
                  #8

                  thisismissem@hachyderm.io yes, but... that takes effforrrrrrrtttt 😦

                  Anyway, ding ding ding, application/jrd+json was it 🏆

                  1 Reply Last reply
                  0
                  • T This user is from outside of this forum
                    T This user is from outside of this forum
                    trwnh@mastodon.social
                    wrote on 9 May 2025, 14:59 last edited by
                    #9

                    @julian are you sending accept application/json or accept application/jrd+json instead of accept application/activity+json?

                    J 1 Reply Last reply 9 May 2025, 15:10
                    0
                    • T trwnh@mastodon.social
                      9 May 2025, 14:59

                      @julian are you sending accept application/json or accept application/jrd+json instead of accept application/activity+json?

                      J This user is from outside of this forum
                      J This user is from outside of this forum
                      julian@community.nodebb.org
                      wrote on 9 May 2025, 15:10 last edited by julian@community.nodebb.org 5 Sept 2025, 17:11
                      #10

                      trwnh@mastodon.social before, I was not sending Accept at all, now I am sending application/jrd+json.

                      FWIW testing with cURL showed the same Bad Request with application/json.

                      1 Reply Last reply
                      0
                      • T This user is from outside of this forum
                        T This user is from outside of this forum
                        trwnh@mastodon.social
                        wrote on 11 May 2025, 21:28 last edited by
                        #11

                        @julian the Bad Request must be something else, because pleroma handles application/json and application/jrd+json just fine https://git.pleroma.social/pleroma/pleroma/-/blob/develop/lib/pleroma/web/web_finger/web_finger_controller.ex#L33

                        1 Reply Last reply
                        0
                        • projectmoon@forum.agnos.isP projectmoon@forum.agnos.is shared this topic on 10 Jun 2025, 09:48
                        Reply
                        • Reply as topic
                        Log in to reply
                        • Oldest to Newest
                        • Newest to Oldest
                        • Most Votes

                        1/11

                        9 May 2025, 14:00


                        • Login

                        1 out of 11
                        • First post
                          1/11
                          Last post
                        0
                        • Categories
                        • Recent
                        • Tags
                        • Popular
                        • World
                        • Users
                        • Groups