403 returned on comment delivery from streams #12538
Comments
It appears julian is not actually following this account, even though it appears that way from my software. Closing.
One sec, that shouldn't stop it from being accepted.
We do a check for a pre-existing relationship, and one of those is whether the comment resolves back to an existing topic. In your case, even without a follow from me, the condition should've been satisfied. This sounds like a bug we need to look into.
@macgirvin I see the reply actually made it through. Did something change in the interim?
I still see nothing but 403 returns here. But there was a reply to my comment from silverpill with the same mentions and perhaps that resulted in pulling it in. TBH, I'm not certain exactly what happened.
Ah that's a good point, that might be why. I'll take a closer look. Thank you for reporting!
After some digging, this appears to be my own bug. We have some quite extensive permissions. The fetch permissions on that comment ended up being my current default - followers only. So even though it was posted to your site and the conversation is public, your site couldn't actually fetch the activity unless it used your credentials. I think this is what happened. The permissions on my activity should be public because it was part of a public conversation, regardless of my personal preference. I'll try and get this sorted.
For what it's worth I've actually tried to follow you, but I'm not sure why it doesn't complete (might be my follow isn't accepted)
I show you as following and accepted. So much for a quiet Sunday.... looks like I'm going to be tracking weird bugs. I might try deleting the connection and starting over. Couldn't hurt at this point.
In that case it may suggest that the accept from you just wasn't properly handled 🤷 likely something for us to address
Deleted my side of the connection and started over (I've sent a follow). We'll see how that goes. If that works we can try it going the other way. I might give you a less public account to test against since the logs rotate pretty fast on my primary site. You can try following slosh@unfediverse.com ... though I'm about to get called away for chores. I'll approve it when I get a chance and let you know here.
Sadly did not receive. NodeBB doesn't have a concept of follow approvals so an Accept should've been sent back immediately. Will check my logs soon. Also have chores to do 😑 It seems like whatever content is being sent my way from fediversity is rejected for whatever reason, but if requested from my end, is ok (e.g. I was able to successfully retrieve your post)
Yeah, didn't see any Accept here. But I've been called away. Will have to take up at a later time. I might need to give you a test account here so you can check your side on your own schedule.
Sure, we'll try again another time. Happy to test with a local account on your service if you'd like. I sent a follow from my dev instance (bb.devnull.land) hoping to see something come back but I got nothing, I guess the follow needs to be approved?
S'rry - approved this around 12-13 hours ago, but Microsoft's SMS 2FA service was borked so I couldn't log in here and let you know.
Just accepted dragonfruit, which I assume is yours (correctly or incorrectly assumed)
It is, but I didn't realize it was a different account. Now that you've accepted both will subsequent follows automatically bounce an approve back? Edit: The answer is yes, here's what I see on my end:
The "key ownership cross-check" ensures that the claimed actor in the received payload actually controls the
Got it, it was naive logic in how I broke apart the signature string. I wasn't accounting for values that contained equal signs, of which yours uses ( |
Cool. Thanks. I've been waffling on using fragments for these things like everybody else does, but the webserver never sees fragments on inbound urls - and I kind of think it's important for the webserver to have knowledge of what exactly was requested of it. |
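The parsing mistake described in the comments above (splitting Signature parameters on every equal sign), shown next to a stricter parser. This is an added example, not NodeBB's code and not part of the original thread; the function names, the sample header and its `keyId` URL are constructed for illustration.

```javascript
// Constructed sample header (not taken from the thread): the keyId carries a
// query string and the base64 signature ends in '=' padding.
const SAMPLE = 'keyId="https://example.test/actor/alice?key=main",' +
  'algorithm="rsa-sha256",headers="(request-target) host date digest",' +
  'signature="c2FtcGxlLXNpZ25hdHVyZQ=="';

// Naive version: splitting each pair on every '=' keeps only the text up to
// the second '=', so the keyId loses its query value and the padding is dropped.
function parseSignatureNaive(header) {
  const params = {};
  for (const pair of header.split(',')) {
    const [key, value] = pair.split('=');
    params[key.trim()] = (value || '').replace(/^"|"$/g, '');
  }
  return params;
}

// Stricter version: the key ends at the first '=', a quoted value runs to its
// closing quote (so '=' and ',' inside it survive), and leftover text is an error.
const PARAM = /\s*([A-Za-z][A-Za-z0-9_-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^",]*))\s*(?:,|$)/y;

function parseSignature(header) {
  const params = {};
  PARAM.lastIndex = 0;
  while (PARAM.lastIndex < header.length) {
    const m = PARAM.exec(header); // sticky flag: must match exactly at lastIndex
    if (m === null) throw new Error('malformed Signature header');
    params[m[1]] = m[2] !== undefined ? m[2].replace(/\\(.)/g, '$1') : m[3].trim();
  }
  return params;
}

// The naive result points at a different URL than the one the sender signed with.
console.log('naive :', parseSignatureNaive(SAMPLE).keyId);
console.log('strict:', parseSignature(SAMPLE).keyId);
```
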
NodeBB version
No response
NodeBB git hash
No response
NodeJS version
No response
Installed NodeBB plugins
No response
Database type
No response
Database version
No response
Exact steps to cause this issue
Reply was sent to julian at community.nodebb.org from mikedev@fediversity.site to a conversation initiated by julian. I believe julian is following this account.
2024-04-27T20:38:35Z
https://fediversity.site/item/7ac903a0-efcf-46ee-a818-bab85c01240f
Account was rejected with error 403 on multiple attempts. Message had http signature which works on a very wide range of fediverse implementations. The actor record was subsequently fetched by nodebb before returning the 403.
What you expected
No response
What happened instead
No response
Anything else?
Not urgent, just trying to sort potential interop issues.