I'm thinking in adding #ONI proxyUrl support in the frontend.
-
I'm thinking in adding #ONI proxyUrl support in the frontend.
Currently if a request to a remote #ActivityPub object fails - either due to CORS, or because of authorized fetch - I just display a fallback link to it.
I'm wondering if I can do a two step approach, if the request to the resource fails with 401-403 (for secure fetch) or 400 (for CORS failures) I try to redirect the request through the proxyUrl mechanism.
Only if that fails too, I fallback to something else.
-
I'm thinking in adding #ONI proxyUrl support in the frontend.
Currently if a request to a remote #ActivityPub object fails - either due to CORS, or because of authorized fetch - I just display a fallback link to it.
I'm wondering if I can do a two step approach, if the request to the resource fails with 401-403 (for secure fetch) or 400 (for CORS failures) I try to redirect the request through the proxyUrl mechanism.
Only if that fails too, I fallback to something else.
:
... and done!Now I have the actors of remote instances (like mitra.social and mastodonapp.uk) loading properly in the inbox of ONI.
I'm not proud of the JavaScript that does it, there must be an idiomatic way to chain fetch requests without the Promise in Promise spaghetti I just wrote.
-
:
... and done!Now I have the actors of remote instances (like mitra.social and mastodonapp.uk) loading properly in the inbox of ONI.
I'm not proud of the JavaScript that does it, there must be an idiomatic way to chain fetch requests without the Promise in Promise spaghetti I just wrote.
Ooops... mitra.social is down.
I hope it wasn't me that brought it down with my testing. :(( Sorry @silverpill pill@mitra.social
-
Ooops... mitra.social is down.
I hope it wasn't me that brought it down with my testing. :(( Sorry @silverpill pill@mitra.social
@mariusor No worries, I was deploying an update :]
-
@mariusor No worries, I was deploying an update :]
Now I have the actors of remote instances (like mitra.social and mastodonapp.uk) loading properly in the inbox of ONI.
Are mitra.social actors special in some way?
-
Now I have the actors of remote instances (like mitra.social and mastodonapp.uk) loading properly in the inbox of ONI.
Are mitra.social actors special in some way?
@silverpill when I fetch mitra actors from the browser with JavaScript fetch, it disallows them due to the server not allowing CORS pre-flight requests.
When I was adding support for Django's C2S client, it became apparent that if we want objects be accessible form in browser clients, the servers need very relaxed CORS policies. I defaulted to accepting all https:// ... but I'm thinking about rules based on the actor's followers perhaps..
-
@silverpill when I fetch mitra actors from the browser with JavaScript fetch, it disallows them due to the server not allowing CORS pre-flight requests.
When I was adding support for Django's C2S client, it became apparent that if we want objects be accessible form in browser clients, the servers need very relaxed CORS policies. I defaulted to accepting all https:// ... but I'm thinking about rules based on the actor's followers perhaps..
> Django's C2S client
Is this my client, my server, or something else entirely you are talking about?
-
> Django's C2S client
Is this my client, my server, or something else entirely you are talking about?
Django the person at social.coop who investigated client to server for a FOSDEM presentation.
I didn't want to pull them into the discussion.
-
Django the person at social.coop who investigated client to server for a FOSDEM presentation.
I didn't want to pull them into the discussion.
Well, that's a remarkable coincidence. I'm doing work on a Django server that implements C2S, and the last couple of weeks I started working on a browser extension that acts as a AP client.
-
@silverpill when I fetch mitra actors from the browser with JavaScript fetch, it disallows them due to the server not allowing CORS pre-flight requests.
When I was adding support for Django's C2S client, it became apparent that if we want objects be accessible form in browser clients, the servers need very relaxed CORS policies. I defaulted to accepting all https:// ... but I'm thinking about rules based on the actor's followers perhaps..
@mariusor Yes, mitra's CORS config is a bit weird. I plan to change it to a more permissive one in the future
-
Well, that's a remarkable coincidence. I'm doing work on a Django server that implements C2S, and the last couple of weeks I started working on a browser extension that acts as a AP client.
@raphael if you want a server that's already has a good C2S implementation to test against, let me know.
-
@mariusor Yes, mitra's CORS config is a bit weird. I plan to change it to a more permissive one in the future
@silverpill can't wait... the good thing about my implementation of using proxyUrl from the frontend is that it only kicks in on failed requests, so it'll be transparent when you switch.
-
@raphael if you want a server that's already has a good C2S implementation to test against, let me know.
I've been woking on the client by testing against my DAT server: https://activitypub.mushroomlabs.com/tutorials/standalone/
But I'm definitely interested in testing against servers that implement OAuth in a different way.
-
I've been woking on the client by testing against my DAT server: https://activitypub.mushroomlabs.com/tutorials/standalone/
But I'm definitely interested in testing against servers that implement OAuth in a different way.
@raphael both servers I built using GoActivityPub have support for Dynamic OAuth2 client creation (RFC7591 and RFC8414) and by using the Client ID Metadata Document draft if you plan to support one and/or the other.
