You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 14, 2022. It is now read-only.
The salmon spec defines the base64url encoding as follows:
The encoding used to convert between the MIME type and the "data" string. In this specification, encoding MUST be the string "base64url", indicating the url safe base64 encoding as described in RFC 4648 [RFC4648], sans any trailing padding with equals (=) characters, and with the additional whitespace normalization rules specified in Section 5.1. All implementations MUST support this encoding. Appears exactly once.
Mastodon is sending base64 data with padding = characters, and it shouldn't. You can set the padding parameter to false to solve this.
There was a later rev of magic-sig which stripped all the '=' from base64url and we had an issue with StatusNet at the time (I filed this same bug against StatusNet in 2010 iirc) which forced everybody to (potentially) send two salmons for each message as you couldn't be sure which would verify against which revision of the spec. I note that this later rev (and one following that with different namespaces and which was even messier to implement - potentially requiring you to send the same message 3 times) both sort of vanished from the "official" salmon repo. I'm taking that to indicate the later revs were dropped but somebody should ask John Panzer. I think most everybody that's still using XML on the federated web is using rev 01 of magicsig (the one which allows '=').
Is there a path forward on this? If I'm reading the code correctly, Mastodon won't interoperate with an implementation that doesn't include padding (eg, emersion's, which is the only credible attempt at an OStatus library in Go that I can find).
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The salmon spec defines the
base64url
encoding as follows:Mastodon is sending base64 data with padding
=
characters, and it shouldn't. You can set thepadding
parameter tofalse
to solve this.The
decode_base64
hack is related to this: https://github.com/tootsuite/ostatus2/blob/master/lib/ostatus2/magic_key.rb#L12The text was updated successfully, but these errors were encountered: