Follower requests never complete - ModSecurity off

[edent]

I've successfully set up @blog@shkspr.mobi - it appears on the Fediverse. But people can't follow it.

ModSecurity is set to "off" in my cPanel. As per #341 and https://blog.rac.me.uk/2022/11/10/activitypub-for-wordpress-how-to-fix-modsecurity-to-make-it-work/#adding-the-new-mod-security-rule that should fix it. But it doesn't.

Are there any tests I can run to see what the problem is?

Site Health shows:

Author URL is not accessible ActivityPub
Your author URL https://shkspr.mobi/blog/author/admin/ does not return valid JSON for application/activity+json. Please check if your hosting supports alternate Accept headers.

However, I am not using admin as the author; I've disabled the author in the settings and have a generic blog profile ID.

[pfefferle]

Yes, it seems to return only HTML!

You can check it with

## Request (23)
curl "https://shkspr.mobi/blog/author/admin/" \
     -H 'Accept: application/activity+json'

Have you enabled caching? Maybe the cache does not support content negotiation?

[edent]

Interesting. If I do curl "https://shkspr.mobi/blog/@qwerty" I get

{"code":"activitypub_user_not_found","message":"User not found","data":{"status":404}}

But if I do curl "https://shkspr.mobi/blog/@blog" (which is the username) I get a 301 redirect to my blog's front page.

I had this as the setup:

I've excluded /author/ from the cache. And re-enabled the author profile type. But follow requests still aren't processed.

[pfefferle]

yes, it redirects if you do not add the application/activity+json Accept header. It is the blog user so you see all its posts on the main page :)

Have you also excluded the API and the @-urls? Because the blog-user has no author URL, it is a simple rewrite rule to an API endpoint.

[edent]

OK, I think I've done all that - but I still can't accept followers.

@admin@shkspr.mobi appears on Mastodon.social and I can see the last few blog posts.

@blog@shkspr.mobi appears on Mastodon.social but there are no posts.

Following either of them doesn't work.

I've excluded the following URls from cacheing.

/.well-known/*
/wp-json/*
/author/*
/@blog

Are there any others which should be excluded?

[pfefferle]

shouldn't it be /blog/...?

[pfefferle]

can you try to disable caching completely to run some tests? can you give me a ping when disabled?

[edent]

I've disabled caching for tonight.

[jarbochov]

Okay, I'm a novice, but I can find my user account for my blog. The JSON for the account is listing:

{"@context":["https:\/\/www.w3.org\/ns\/activitystreams","https:\/\/w3id.org\/security\/v1",{"manuallyApprovesFollowers":"as:manuallyApprovesFollowers","PropertyValue":"schema:PropertyValue","schema":"http:\/\/schema.org#","pt":"https:\/\/joinpeertube.org\/ns#","toot":"http:\/\/joinmastodon.org\/ns#","webfinger":"https:\/\/webfinger.net\/#","litepub":"http:\/\/litepub.social\/ns#","value":"schema:value","Hashtag":"as:Hashtag","featured":{"@id":"toot:featured","@type":"@id"},"featuredTags":{"@id":"toot:featuredTags","@type":"@id"},"alsoKnownAs":{"@id":"as:alsoKnownAs","@type":"@id"},"discoverable":"toot:discoverable","sensitive":"as:sensitive","resource":"webfinger:resource"}],"id":"https:\/\/wyomingjarbo.com\/blog\/wp-json\/activitypub\/1.0\/users\/0\/inbox","generator":"http:\/\/wordpress.org\/?v=6.3.1","type":"OrderedCollectionPage","partOf":"https:\/\/wyomingjarbo.com\/blog\/wp-json\/activitypub\/1.0\/users\/0\/inbox","totalItems":0,"orderedItems":[],"first":"https:\/\/wyomingjarbo.com\/blog\/wp-json\/activitypub\/1.0\/users\/0\/inbox"}

How is "manuallyApprovesFollowers":"as:manuallyApprovesFollowers", being populated?

[blindi0815]

my blog is https://endeavr.de
my blog user is @endeavr.de@endeavr.de
I can find the user on Mastodon. If I follow I encounter the same issue as per above.
if I do curl I get no result back:

$ curl "https://endeavr.de/@endeavr.de"
$

blog host is based on Yunohost/ nginx

[pfefferle]

@blindi0815 works for me

[pfefferle]

@jarbochov I assume that there is an issue somewhere, that is caused by WordPress installations in sub-pathes. Currently I am checking if there is an issue with signature verification, because of a wrong generated URL/URI.

[blindi0815]

@pfefferle
Doesn't from my instance marctodon.marci.one - it is a plain mastodon instance hosted by myself. Is there anything that the instance must support?

[pfefferle]

@blindi0815 sorry, I have no idea! I have no experience in hosting a Mastodon instance!

[blindi0815]

Might be an issue with the Mastodon instance version. Mine is running on 4.1.7, yours and @jarbochov is running on 4.2.0 nightly build. I can see the access in the nginx logs and they all look the same. Just that my instance doesn't like the response. Oh well. Thank you anyways

[pfefferle]

Can you (the ones who run WordPress in a subdirectory) tell me the value of your home_url & site_url? I think I found the issue!

[pfefferle]

@edent @jarbochov can you test if the PR fixes your issue?

#438

[edent]

site_url(): https://shkspr.mobi/blog

home_url(): https://shkspr.mobi/blog

[jarbochov]

That appears to have fixed it. Going to test to see if it pushes a post.

[jarbochov]

Post successful. Thanks for your quick turnaround this.

[pfefferle]

@edent do you have an update for us?

[edent]

@pfefferle I now have 80+ followers and they seem to be receiving my posts 😃

[scollovati]

Similar issue here for the blog id https://www.como1.it/@scout

Last version of the plugin and of WordPress.
No caching plugins are active. I've also tested the endpoint and the json file seems to be fine, but the blog cannot be followed.