Skip to content

See #853: force authenticated ActivityPub checks when allow-list is enabled

Agate requested to merge 853-authenticated-fetches into develop

See #853 (closed)

Simple check to enforce authenticated fetches (with a HTTP signature) when allow-listing is enabled:

  • Return a 403 if no signature is present
  • Return a 403 if a signature is present but not from an allowed domain

cc @funkwhale/reviewers-python

Edited by Agate

Merge request reports