Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

    • PeriodicallyPedantic
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      No, you’re right. Everyone who downvoted probably also went on an angry tirade first, but they just didn’t type it out. Totally the same. 👍