Skip to content

Allow user-initiated object lookups (/ap/show endpoint) to follow cross-domain redirects (resolves #820)

Hazelnootrequested to merge
fEmber/Sharkey:hazelnoot/820-allow-lookup-redirect into develop

What does this MR do?

This loosens the restrictions in /ap/show endpoint (used by the Lookup feature) to safely allow for cross-domain redirects, which improves compatibility with split-domain setups and software with separate user-facing and network-facing object URLs. The "alternate link" implementation in ApRequestService is also extended to support additional link formats, including the one used by Mastodon. This allows a user to directly copy/paste any URL from another instance into Sharkey's Lookup box, even if they're viewing a local copy of a remote note.

Caveat: Misskey-based instances do not produce cross-origin alternate links or redirects, which is likely a bug / oversight. This prevents cross-origin links from being copied from one Sharkey instance to another instance. (but it does work in reverse - copying from a non-sharkey instance into sharkey.)

Contribution Guidelines

By submitting this merge request, you agree to follow our Contribution Guidelines

  • I agree to follow this project's Contribution Guidelines
  • I have made sure to test this merge request
Edited by Hazelnoot

Merge request reports