so I've started seeing Mastodon apps fetch posts in threads from other servers directly, bypassing server blocks.

This is ... this is deeply concerning to me.

@aurynn given how much Mastodon thread context fetch fails at actually providing context, i'm not surprised that client devs are doing this. hell, i've considered implementing it too. but this should be the server's job: so posts only have to be fetched once and so the client doesn't have to talk to foreign servers directly ☹️

another reason to turn on AUTHORIZED_FETCH and DISALLOW_UNAUTHENTICATED_API_ACCESS

…and then field ninety questions a day from users who don't understand why they can't see posts in their browser. if the Mastodon web GUIs were smarter about running clicked links through the search/resolve API, this would be a lot less of an issue.
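Added example, not part of the thread and not Mastodon's own code: a sketch of a client running a clicked remote link through its home server's search/resolve API (`GET /api/v2/search` with `resolve=true`) instead of fetching it from the foreign server. The home server name, the token and the `/@acct/id` local link format are assumptions.

```javascript
// Build the search/resolve request for a remote post URL.
// The home server does the federation fetch, so its blocks still apply.
function buildResolveUrl(homeServer, remoteUrl) {
  const u = new URL('/api/v2/search', homeServer);
  u.searchParams.set('q', remoteUrl);
  u.searchParams.set('resolve', 'true');
  u.searchParams.set('type', 'statuses');
  u.searchParams.set('limit', '1');
  return u.toString();
}

// Map a resolved status to its page on the home server's web UI
// (assumed route: /@user@domain/<local id>).
function localLinkFor(homeServer, status) {
  return new URL(`/@${status.account.acct}/${status.id}`, homeServer).toString();
}

// Returns a link on the home server, or null when the link cannot be resolved.
// null must NOT trigger a direct fetch from the foreign server: an empty
// result is also what a client sees when the home server blocks that domain.
async function resolveViaHomeServer(remoteUrl, { homeServer, token, fetchImpl = fetch }) {
  let parsed;
  try {
    parsed = new URL(remoteUrl);
  } catch {
    return null; // not a URL at all
  }
  if (parsed.protocol !== 'https:') return null;

  // resolve=true needs a user token, so the request is tied to an account.
  const res = await fetchImpl(buildResolveUrl(homeServer, remoteUrl), {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!res.ok) return null;

  const { statuses = [] } = await res.json();
  // Accept only a status that really corresponds to the clicked link.
  const hit = statuses.find((s) => s.uri === remoteUrl || s.url === remoteUrl);
  return hit ? localLinkFor(homeServer, hit) : null;
}
```

The caller opens the returned local link, or falls back to an ordinary browser tab when the result is null.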


@vyr I had to disable authorised fetch because it was blocking access to some, in the current crisis in Auckland, rather necessary Twitter bot mirrors.