Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
It’s not sustainable to keep offering poorly designed solutions. People need to understand some basic things about the system they’re using. The fediverse isn’t a private space and fediverse developers shouldn’t be advertising pseudo-private features as private or secure.