Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Sure, but that’s already solved on the fediverse by using HTTP Signatures and isn’t related to Authorized Fetch.
I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.