Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
I’m kind of tired of social networks offering even the pretense of privacy. Just loudly proclaim that everything is public but clients can filter out shit you don’t wanna see.