Pleroma Webfinger compatibility
-
Does anybody know what exactly Pleroma needs for a valid Webfinger check? I'm attempting to figure out why
@jmtd@pleroma.debian.socialwon't resolve in NodeBB, and it's because the webfinger call returns400 Bad Request.NodeBB is calling
https://pleroma.debian.social/.well-known/webfinger?resource=acct%3Ajmtd%40pleroma.debian.socialwithUser-AgentandContent-Typeheaders (curiously, it's not sendingAccept, but it also fails if that header is set, so that's irrelevant.)Navigating to that webfinger url in the browser returns XML, which is
but I'm not even getting that when NodeBB makes the call. -
@julian fedify manages it, so many take a look at their webfinger implementation?
-
@julian try sending `Accept: application/jrd+json`
Since that's the content-type for webfinger, not application/json. In fedify, the fetch call is also with redirect manual, such that max redirection logic and SSRF checks can be done.
-
@julian oh! it's because you're sending the Content-Type header, send Accept instead.
-
@julian oh! it's because you're sending the Content-Type header, send Accept instead.
@julian which actually makes sense, because with a GET request, you're not sending any request content, and Content-Type applies to the request body, not to the content type you want back.
-
@julian which actually makes sense, because with a GET request, you're not sending any request content, and Content-Type applies to the request body, not to the content type you want back.
thisismissem@hachyderm.io yeah, I tried sending Accept too, which also fails. Will try the suggested type.
The library we use just blanket sends content-type because we're usually POSTing haha. Shouldn't hurt to include it, but who knows.
-
@julian eh? I mean, sure, or just detect whether the request is a GET / HEAD / OPTIONS request, and then don't send the content-type header? (since those methods don't support request bodies iirc)
-
@julian eh? I mean, sure, or just detect whether the request is a GET / HEAD / OPTIONS request, and then don't send the content-type header? (since those methods don't support request bodies iirc)
thisismissem@hachyderm.io yes, but... that takes effforrrrrrrtttt
Anyway, ding ding ding,
application/jrd+jsonwas it
-
@julian are you sending accept application/json or accept application/jrd+json instead of accept application/activity+json?
-
@julian are you sending accept application/json or accept application/jrd+json instead of accept application/activity+json?
trwnh@mastodon.social before, I was not sending
Acceptat all, now I am sendingapplication/jrd+json.FWIW testing with cURL showed the same
Bad Requestwithapplication/json.
