Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inbox returns "202 Accepted" for invalid actor #16764

Open
n-bernat opened this issue Sep 21, 2021 · 3 comments
Open

inbox returns "202 Accepted" for invalid actor #16764

n-bernat opened this issue Sep 21, 2021 · 3 comments
Labels
bug Something isn't working

Comments

@n-bernat
Copy link

n-bernat commented Sep 21, 2021
edited

Expected behaviour

4XX error

Actual behaviour

202 Accepted

Steps to reproduce the problem

Mastodon's [POST] /inbox endpoint returns 202 Accepted when provided to parameter in a Note is invalid. It's not something really important, but if someone else runs into this problem it may be a good idea to double-check this param.

Related issue that kinda mentions it but not really: #8328

Simple request that returns 202:

{
  "@context": "https://www.w3.org/ns/activitystreams",
  "id": "https://example.com/notes/12345678/activity",
  "type": "Create",
  "actor": "https://example.com/actor",
  "object": {
    "id": "https://example.com/notes/12345678",
    "type": "Note",
    "published": "2021-09-21T14:19:18Z",
    "attributedTo": "https://example.com/actor",
    "content": "<p>Hello world</p>",
    "to": "https://mastodon.social/random-invalid-url"
  }
}

Specifications

Mastodon v3.4.1 (latest live on mastodon.social)
@n-bernat n-bernat added the bug Something isn't working label Sep 21, 2021
@ClearlyClaire
Copy link
Contributor

Only very superficial checking is done synchronously when receiving an activity (basically, is the request signed, is it a valid json, does it look like ActivityStreams), the actual processing (and more advanced checking) is performed in a worker, so the results cannot be reflected by the response's status code.

I guess we could perform checks before queuing the job and returning a status code, but I'm not completely sure this is worth splitting the processing code that way.

@sventiffe
Copy link

I also find this behavior confusing although 202 seems to be totally accurate ("request has been accepted for processing, but the processing has not been completed").

I ran into this when accepting a Follow activity (from a relay). A relay will accept but if the payload is wrong (ie the original Follow activity) then the relay will not know that the Mastodon instance could not accept the Accept. It puts a lot of responsibility on the sender to get things right (and on the communication between the admins of sender and recipient if users notice that something is wrong).

I would probably expect a HTTP 4** if the Accept is syntactically/semantically incorrect. Given that I am not familiar how complex the change would be, I do not have a strong opinion though.

@matthewp
Copy link

In general, the 202 status makes it very hard to debug what you are doing wrong when building an ActivityPub app. You probably made a mistake but without any error responses you don't know where the problem might be.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@matthewp @ClearlyClaire @n-bernat @sventiffe