GNU Social Linkback Plugin

Implementation Home Page URL: https://gnu.io/social/

Source Code repo URL(s) (optional): https://git.gnu.io/gnu/gnu-social/

  • 100% open source implementation

Programming Language(s): PHP

Developer(s): Stephen Paul Weber

Implementation Classes (Sender and/or Receiver): Both

Sending

Discovery Tests (3.1.1)

MUST

Implementation Notes

13 and 17 currently do not pass because the HTML detection is done with PCRE and not a proper parser.

Sending Tests (3.1.2)

MUST

  • Accepts HTTP 200 response as a success
  • Accepts HTTP 201 response as a success
  • Accepts HTTP 202 response as a success

Update Tests (3.1.3)

SHOULD

Implementation Notes

There is no way to update a notice on GNU Social.

Delete Tests (3.1.4)

SHOULD

Security Considerations (4)

  • The sender avoids sending a Webmention to a loopback address (SHOULD)

Implementation Notes

All same-site webmentions are avoided.

Extensions

This implementation has also implemented the following extensions.

Receiving

Indicate which type of response the receiver provides:

  • HTTP 200 - Receiver synchronously processes the Webmention request (not recommended)
  • HTTP 201 - Receiver creates a status URL the sender can use to check the status of the Webmention
  • HTTP 202 - Receiver processes the Webmention asynchronously

Describe the response body (if any) which is returned in the request:

The URL of a notice created to embody the mention.

Request Verification (3.2.1)

  • Verifies source and target are valid URLs, rejecting with HTTP 400 (MUST)
  • Verifies that target is a valid resource for which the receiver accepts Webmentions, rejecting with HTTP 400 (SHOULD)
  • Ignores fragment when checking if target is supported (SHOULD)

Webmention Verification (3.2.2)

  • Verification is processed asynchronously (SHOULD)
  • Follows at least one HTTP redirect on source URL (MUST)
  • Respects a self-imposed limit on number of HTTP redirects to follow (MUST)

Source URL content-types supported

Please list the content types that your implementation supports when checking if the source document links to the target URL.

  • HTML
  • Other: Any text-based format containing the URL

HTML Verification (3.2.2)

The tests below apply when the source document is HTML.

  • Accepts a Webmention where the target URL is in an <a> tag
  • Accepts a Webmention where the target URL is in an <img> tag
  • Accepts a Webmention where the target URL is in a <video> tag
  • Accepts a Webmention where the target URL is in an <audio> tag
  • Rejects a Webmention where the target URL is in the document as text
  • Rejects a Webmention where the target URL is in an <a> tag inside an HTML comment
  • Rejects a Webmention where the target URL is not in the document

Webmention Display/Use

  • The receiver displays data from the source URL on the target post (MAY)
  • The receiver recognizes that the source URL is a "comment" or "reply" to the post
      • using HTML markup: class="u-in-reply-to" or rel="in-reply-to"
  • The receiver recognizes that the source URL is a "like" of the post
      • using HTML markup: class="u-like-of"
  • The receiver recognizes that the source URL is a "repost" of the post
      • using HTML markup: class="u-repost-of"
  • The receiver recognizes that the source URL is an "RSVP" to the post
      • using HTML markup: class="u-in-reply-to" and class="p-rsvp"
  • The receiver recognizes additional response types, using markup:
      • Response: __________ using HTML markup: __________
      • (Please add lines like above for additional response types the receiver has implemented)

Please describe any other ways the Webmention is displayed or used if applicable.

Update Tests (3.2.4)

  • Does not display an update Webmention as a new response (SHOULD)
  • Removes the response when an update Webmention is sent and the source URL returns 200 and no link is found (SHOULD)
  • Updates and stores the information from the primary object at the source URL (MUST)
  • Updates and stores the information from children or descendant objects at the source URL (MAY)

Delete Tests (3.2.4)

  • Recognizes an HTTP 410 response as a delete, and removes the response (SHOULD)

Security Considerations (4)

  • Webmentions are moderated before being displayed (MAY)
  • Webmentions are periodically re-verified (MAY)
  • The receiver ensures any displayed data is properly encoded/filtered to prevent XSS attacks (MUST)
  • Respects a self-imposed limit on the time spent fetching the source URL (SHOULD)
  • Respects a self-imposed limit on the number of bytes fetched from the source URL (SHOULD)
  • The receiver accepts additional parameters or headers, and so has CSRF protection (SHOULD)

Extensions

This implementation has also implemented the following extensions.