@silverpill @tesaguri I think you already had guidance that it is best practice to serve user generated content (i.e., files uploaded by users) on a non-ActivityPub-enabled domain?
e.g., media.domain.example when domain.example is the AP server, so as to prevent these attacks?
-
@thisismissem I think this solution is too cumbersome, so it shouldn't be the default recommendation. But I will mention it in the FEP because some applications may need to allow arbitrary JSON uploads, as @tesaguri pointed out.