Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • heavy@sh.itjust.works
    10 months ago

    I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.