Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • 0x1C3B00DA
    4 · 11 months ago

    Sure, but that’s already solved on the fediverse by using HTTP Signatures and isn’t related to Authorized Fetch.

    • @[email protected]
      English
      2 · 11 months ago

      I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.