Authorized Fetch: Difference between revisions
No edit summary |
No edit summary |
||
| Line 8: | Line 8: | ||
}} | }} | ||
Up To: [[Part Of::Features]], [[Part Of::Config]] | Up To: [[Part Of::Features]], [[Part Of::Config]] | ||
Defederation, by default, doesn't completely prevent blocked accounts or instances from accessing our instance's content. | |||
== Docs == | |||
https://docs.joinmastodon.org/admin/config/#authorized_fetch | |||
<blockquote> | |||
Also called “secure mode”. When set to true, the following changes occur: | |||
* Mastodon will stop generating linked-data signatures for public posts, which prevents them from being re-distributed efficiently but without precise control. Since a linked-data object with a signature is entirely self-contained, it can be passed around without making extra requests to the server where it originates. | |||
* Mastodon will require HTTP signature authentication on ActivityPub representations of public posts and profiles, which are normally available without any authentication. Profiles will only return barebones technical information when no authentication is supplied. | |||
As a result, through the authentication mechanism and avoiding re-distribution mechanisms that do not have your server in the loop, it becomes possible to enforce who can and cannot retrieve even public content from your server, e.g. servers whose domains you have blocked. | |||
</blockquote> | |||
Revision as of 21:16, 20 December 2023
| Authorized Fetch | |
|---|---|
| Description | Prevents unauthorized access to instance content |
| Env Variable | AUTHORIZED_FETCH |
| Default | false |
| Current Value | false |
| Related To | Defederated Instances, Federation Abuse Policy, Moderation |
| Docs | https://docs.joinmastodon.org/admin/config/#authorized fetch |
Defederation, by default, doesn't completely prevent blocked accounts or instances from accessing our instance's content.
Docs
https://docs.joinmastodon.org/admin/config/#authorized_fetch
Also called “secure mode”. When set to true, the following changes occur:
- Mastodon will stop generating linked-data signatures for public posts, which prevents them from being re-distributed efficiently but without precise control. Since a linked-data object with a signature is entirely self-contained, it can be passed around without making extra requests to the server where it originates.
- Mastodon will require HTTP signature authentication on ActivityPub representations of public posts and profiles, which are normally available without any authentication. Profiles will only return barebones technical information when no authentication is supplied.
As a result, through the authentication mechanism and avoiding re-distribution mechanisms that do not have your server in the loop, it becomes possible to enforce who can and cannot retrieve even public content from your server, e.g. servers whose domains you have blocked.