Follow

@freemo qoto's Webfinger seems not to allow cross-origin requests, or at least Firefox thinks so.

When I try to use PeerTube's remote subscribe feature in Firefox (I tried to use it on video.mycrowd.ca), it fails and I see that a request to qoto.org/.well-known/webfinger has failed due to "CORS Allow Origin Not Matching Origin".

When I inspect response headers that trigger this, I see that they do contain "Access-Control-Allow-Origin: *" header, which should be enough to declare that the response can be provided across origins. However, the header is sent twice.

What I suspect is going on is that A-C-A-O is only supposed to have a single value. Specifying it twice is equivalent (according to HTTP spec IIRC) to specifying it once and concatenating values separated with a comma. "*,*" is not a value of A-C-A-O that allows cross-origin access, so Firefox refuses to provide the response back to the cross-origin requester.

Could you figure out why qoto is sending two copies of A-C-A-O in its responses? You can trigger that behaviour by doing `curl 'qoto.org/.well-known/webfinger' -H 'Origin: video.mycrowd.ca' -v`. Note that if the request has no `Origin` header, the reponse has only one A-C-A-O header.

@robryk why would peertube's remote subscribe (at video.qoto.org) be dependent ont he CORS headers at qoto.org itself?

@freemo It's not video.qoto.org's remote subscribe. It's remote subscribe of some other peertube instance (video.mycrowd.ca), where I wanted to subscribe using qoto.org (Mastodon) account.

@robryk ahhh I see ok... that is odd then. Can you subscribe directly from inside the mastodon interface rather than using the remote subscribe button?

@freemo Haven't tried yet; will report back. I assume yes, but wanted to report that the "standard" way doesn't work.

@robryk yes I appreciate that, just want to understand what the workaround will be should someone else find hte problem before I fix it.

@freemo Seems to work. That said, I wouldn't know how to follow a single channel (because I don't really know what's the identifier that one should use for a channel as opposed to a user).

@robryk You dont need to know their identifier, you can paste the link to their profile or to an individual video in the search bar.

@freemo Silly me, didn't think of pasting URLs there. Anyway, I know that following users seems to work this way, so I'd assume that following all other followable stuff would also.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.