~sircmpwn/sr.ht-discuss

2 2

Sourcehut blocking Mastondon instances

Details
Message ID
<877cnjt2aq.fsf@city17.xyz>
DKIM signature
missing
Download raw message
Hi Drew,

I've noticed this commit:
https://git.sr.ht/~sircmpwn/sr.ht-nginx/commit/e6d3721

and then I read this comment on Github[0] ("[...] I have blacklisted
Mastodon User-Agents across SourceHut's services.").

I'd like a bit more context. What does it block exactly? Is this
blocking just images being fetched for previews? Which Sourcehut
services does this affect? Example: what happens if a Mastodon instance
tries to fetch a link in a Sourcehut mailing list? Does it affect also
pages.sr.ht?

Also, I think such a change should need a wider awareness rather then
being silently implemented (and by "silently" I mean casually mentioning
it on your social account).

The HTTP error 420 has a slight touch of bitter sarcasm[1] ("Enhance
Your Calm"), I would probably suggest using a 429 to be more explicit by
using an official HTTP error code.

Thanks for a feedback.

[0]: https://github.com/mastodon/mastodon/issues/23662#issuecomment-1761128615
[1]: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
Details
Message ID
<CWCALRT523DS.2CWAZZ9P2R9B4@taiga>
In-Reply-To
<877cnjt2aq.fsf@city17.xyz> (view parent)
DKIM signature
missing
Download raw message
It blocks mastodon from fetching link previews. You can still post links
to SourceHut on Mastodon.

I see no need to make a bigger fuss, I brought it to the attention of
the Mastodon maintainers so that they can implement a fix.
Details
Message ID
<871qacgsgw.fsf@zancanaro.id.au>
In-Reply-To
<CWCALRT523DS.2CWAZZ9P2R9B4@taiga> (view parent)
DKIM signature
pass
Download raw message
Hey Drew,

On Thu, Oct 19 2023, Drew DeVault wrote:
> It blocks mastodon from fetching link previews. You can still post links to SourceHut on Mastodon.

Not sure if you're aware, but this also block link verification. I was just helping someone on Mastodon who was confused about this: https://social.treehouse.systems/@JustineSmithies/111761452651997049

I believe each instance verifies the link itself (based on reading process_account_service.rb), so it has the same issue as link previews. However, I think link verification is a more significant feature than link previews (which are more incidental).

I don't know how expensive different pages are to render, but I'm hoping that it might be possible to allow requests to the top-level https://sr.ht/~username and https://*.sr.ht/~username pages.

Carlo
Reply to thread Export thread (mbox)