Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add HTTP signatures to all outgoing ActivityPub GET requests #11284
This was a lot simpler than I thought it would be. All ActivityPub fetches are using
I'm removing the code for attempting to fetch without signature if fetch with signature fails because if #11269 will be enabled in the long-term it will be a waste of time.
Instance actor is in the works, but this will do for now. It's only a random account when the "contact account" is not configured. But in either case it's the same account every time. The only risk/downside to this approach vs dedicated instance actor account is that personal accounts may be suspended on the remote end for personal reasons--or, in the case of reports, the remote admin may misinterpret the actions as personal rather than automated.